Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-23601

Remove .md5 files from release

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.4.0
    • 2.3.1, 2.4.0
    • Build
    • None

    Description

      Per email from Henk to PMCs:

         The Release Distribution Policy[1] changed regarding checksum files.
          See under "Cryptographic Signatures and Checksums Requirements" [2].
      
            MD5-file == a .md5 file
            SHA-file == a .sha1, sha256 or .sha512 file
      
         Old policy :
      
            -- MUST provide a MD5-file
            -- SHOULD provide a SHA-file [SHA-512 recommended]
      
         New policy :
      
            -- MUST provide a SHA- or MD5-file
            -- SHOULD provide a SHA-file
            -- SHOULD NOT provide a MD5-file
      
            Providing MD5 checksum files is now discouraged for new releases,
            but still allowed for past releases.
      
         Why this change :
      
            -- MD5 is broken for many purposes ; we should move away from it.
               https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues
      
         Impact for PMCs :
      
            -- for new releases :
               -- please do provide a SHA-file (one or more, if you like)
               -- do NOT provide a MD5-file
      
            -- for past releases :
               -- you are not required to change anything
               -- for artifacts accompanied by a SHA-file /and/ a MD5-file,
                  it would be nice if you removed the MD5-file
      
            -- if, at the moment, you provide MD5-files,
               please adjust your release tooling.
      

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            srowen Sean R. Owen
            srowen Sean R. Owen
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment