Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-23601

Remove .md5 files from release

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.3.1, 2.4.0
    • Component/s: Build
    • Labels:
      None
    • Target Version/s:

      Description

      Per email from Henk to PMCs:

         The Release Distribution Policy[1] changed regarding checksum files.
          See under "Cryptographic Signatures and Checksums Requirements" [2].
      
            MD5-file == a .md5 file
            SHA-file == a .sha1, sha256 or .sha512 file
      
         Old policy :
      
            -- MUST provide a MD5-file
            -- SHOULD provide a SHA-file [SHA-512 recommended]
      
         New policy :
      
            -- MUST provide a SHA- or MD5-file
            -- SHOULD provide a SHA-file
            -- SHOULD NOT provide a MD5-file
      
            Providing MD5 checksum files is now discouraged for new releases,
            but still allowed for past releases.
      
         Why this change :
      
            -- MD5 is broken for many purposes ; we should move away from it.
               https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues
      
         Impact for PMCs :
      
            -- for new releases :
               -- please do provide a SHA-file (one or more, if you like)
               -- do NOT provide a MD5-file
      
            -- for past releases :
               -- you are not required to change anything
               -- for artifacts accompanied by a SHA-file /and/ a MD5-file,
                  it would be nice if you removed the MD5-file
      
            -- if, at the moment, you provide MD5-files,
               please adjust your release tooling.
      

        Attachments

          Activity

            People

            • Assignee:
              srowen Sean R. Owen
              Reporter:
              srowen Sean R. Owen
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: