ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anton Vinogradov ...@apache.org>
Subject Re: Release policy updates
Date Wed, 22 Aug 2018 13:27:00 GMT
Issue [1] created.

[1] https://issues.apache.org/jira/browse/IGNITE-9346

пн, 20 авг. 2018 г. в 17:27, Denis Magda <dmagda@gridgain.com>:

> Yes, let’s just remove md5. Will you create the ticket and handle this for
> 2.7?
>
> Denis
>
> On Monday, August 20, 2018, Anton Vinogradov <av@apache.org> wrote:
>
> > Denis,
> >
> > Currently we provide md5 and sha512 [1].
> > Should we just get rid of md5?
> >
> > [1] https://www.apache.org/dist/ignite/2.6.0/
> >
> > сб, 18 авг. 2018 г. в 3:51, Denis Magda <dmagda@apache.org>:
> >
> >> Peter, Anton V, Igniters,
> >>
> >> The board communicated the following release policy changes:
> >>   -- for new releases :
> >>      -- you MUST supply a SHA-256 and/or SHA-512 file
> >>      -- you SHOULD NOT supply MD5 or SHA-1 files
> >>
> >> Are we good? More details are below.
> >>
> >>
> >>
> >>
> >> *2 Release Dist Policy Changes  (Q? users@infra.apache.org)
> >> -----------------------------------------------------------------------
> >>
> >> The Release Distribution Policy[1] changed regarding checksum files.
> >> See under "Cryptographic Signatures and Checksums Requirements" [2].
> >>
> >> Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ;
> >> not just emphasized words ; for an explanation see RFC-2119 [3].
> >>
> >> Old policy :
> >>
> >>   -- SHOULD supply a SHA checksum file
> >>   -- SHOULD NOT supply a MD5 checksum file
> >>
> >> New policy :
> >>
> >>   -- SHOULD supply a SHA-256 and/or SHA-512 checksum file
> >>   -- SHOULD NOT supply MD5 or SHA-1 checksum files
> >>
> >> Why this change ?
> >>
> >>   -- Like MD5, SHA-1 is too broken ; we should move away from it.
> >>
> >> Impact for PMCs :
> >>
> >>   -- for new releases :
> >>      -- you MUST supply a SHA-256 and/or SHA-512 file
> >>      -- you SHOULD NOT supply MD5 or SHA-1 files
> >>
> >>   -- for past releases :
> >>      -- you are not required to change anything ;
> >>      -- it would be nice if you fixed your dist area ;
> >>         start with : cleanup ; rename .sha's ; remove .md5's
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message