ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anton Vinogradov ...@apache.org>
Subject Re: Release policy updates
Date Mon, 20 Aug 2018 09:37:12 GMT
Denis,

Currently we provide md5 and sha512 [1].
Should we just get rid of md5?

[1] https://www.apache.org/dist/ignite/2.6.0/

сб, 18 авг. 2018 г. в 3:51, Denis Magda <dmagda@apache.org>:

> Peter, Anton V, Igniters,
>
> The board communicated the following release policy changes:
>   -- for new releases :
>      -- you MUST supply a SHA-256 and/or SHA-512 file
>      -- you SHOULD NOT supply MD5 or SHA-1 files
>
> Are we good? More details are below.
>
>
>
>
> *2 Release Dist Policy Changes  (Q? users@infra.apache.org)
> -----------------------------------------------------------------------
>
> The Release Distribution Policy[1] changed regarding checksum files.
> See under "Cryptographic Signatures and Checksums Requirements" [2].
>
> Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ;
> not just emphasized words ; for an explanation see RFC-2119 [3].
>
> Old policy :
>
>   -- SHOULD supply a SHA checksum file
>   -- SHOULD NOT supply a MD5 checksum file
>
> New policy :
>
>   -- SHOULD supply a SHA-256 and/or SHA-512 checksum file
>   -- SHOULD NOT supply MD5 or SHA-1 checksum files
>
> Why this change ?
>
>   -- Like MD5, SHA-1 is too broken ; we should move away from it.
>
> Impact for PMCs :
>
>   -- for new releases :
>      -- you MUST supply a SHA-256 and/or SHA-512 file
>      -- you SHOULD NOT supply MD5 or SHA-1 files
>
>   -- for past releases :
>      -- you are not required to change anything ;
>      -- it would be nice if you fixed your dist area ;
>         start with : cleanup ; rename .sha's ; remove .md5's
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message