esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <bdelacre...@apache.org>
Subject Re: [VOTE] Approve the release of apache-esme-incubating-1.0
Date Wed, 17 Feb 2010 15:47:54 GMT
Hi,

On Wed, Feb 17, 2010 at 4:22 PM, Richard Hirsch <hirsch.dick@gmail.com> wrote:
> Working on the problerm with signing the release and I'm getting the same
> problem that Bertrand describes. Maybe it is a difference between using SHA1
> and SHA512. ..

Ah ok - I assumed SHA1 (and my openssl doesn't do sha512), but
re-reading http://www.apache.org/dev/release-signing.html I see that
SHA512 is recommended there, with a .sha extension.

If you generate an SHA512 digest (which is fine), using an .sha512
extension instead would IMHO make it clearer which digest algorithm is
used.

For Sling releases we use .sha1 (http://www.apache.org/dist/sling/) -
I think using just .sha leaves room for confusion, as happened to me
;-)

-Bertrand

Mime
View raw message