[SLING-7534] Release policy - stop providing MD5 and start providing SHA-512 checksums - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Parent 43
Component/s: Tooling
Labels:
None

Description

See http://www.apache.org/dev/release-distribution#sigs-and-sums , we SHOULD no longer provide MD5 checksums for new releases.

Attachments

Issue Links

causes

SLING-10355 Update the Commiter CLI to check SHA-512 signatures for the source release

Open

is blocked by

MRESOLVER-56 Support SHA-256 and SHA-512 as checksums

Closed

is duplicated by

SLING-8052 MD5 and SHA1 should no longer be provided on download pages

Resolved

is related to

SLING-8699 Create sub-command to moving artifacts to dist.apache.org

Open

MPOM-205 create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release

Closed

MDEPLOY-271 Allow to optionally disable checksum creation

Closed

MPOM-244 Deploy SHA-512 for source-release to Remote Repository

Closed

relates to

JCR-4378 MD5 and SHA1 should no longer be provided on download pages

Closed

links to

GH PR

MVNCENTRAL-5276

NEXUS-21802

(2 is related to, 1 relates to, 3 links to)

Sub-Tasks

Update check_staged_release.sh to verify SHA-512 signature for the source release

Resolved

Robert Munteanu

100%

Activity

People

Assignee:: Konrad Windszus

Reporter:: Robert Munteanu

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 05/Mar/18 15:53

Updated:: 22/Jul/21 09:07

Resolved:: 21/May/21 07:05

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 10m

Include sub-tasks