qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject Re: [DISCUSS] release checksum filename extension
Date Fri, 10 Mar 2017 17:16:48 GMT
I decided to set the svn:mime-type to text/plain for the
qpid-jms-0.21.0 release files I just added. It turns out that is what
gets used on the main www.apache.org webserver once they are
eventually released, and the issue only applies on the dist.apache.org
webserver fronting the svn dist repo.

Robbie

On 10 March 2017 at 12:22, Robbie Gemmell <robbie.gemmell@gmail.com> wrote:
> As noted in the vote thread, the webserver presenting the svn dist
> repo is seemingly mishhandling the .sha files and this leads to
> Firefox saving a gzip encoded version of the checksum. This is raised
> as https://issues.apache.org/jira/browse/INFRA-13629
>
> Hopefully it can be fixed webserver side, but in the mean time setting
> a mime type on the file in the svn repo makes the webserver pick it up
> and act differently, and this gets things working in Firefox. I used
> the following for the proton-j 0.18.0 release checksums:
> svn propset svn:mime-type application/x-sha2 *.sha
>
> If needed, we can use some svn client config to do that automatically
> in future. If folks use a recent enough svn client it can actually be
> propset in the repo and clients will pick it up and action it.
>
> On 7 March 2017 at 23:24, Robbie Gemmell <robbie.gemmell@gmail.com> wrote:
>> Thats probably where the key difference lies - I dont have the general
>> shasum, only specific sha[1|224|256|384|512]sum variants that do
>> complain when given the 'wrong' thing. I'm long overdue an update to
>> an up to date OS so that probably explains that. It makes sense they
>> should be able to look at whats there and attempt to verify as seems
>> appropriate.
>>
>> My suggestion to change wasnt really to say that there is an implied
>> particular choice for .sha, just that given we are changing things we
>> should make them consistent the distribution policy and each other
>> while doing so.
>>
>> On 7 March 2017 at 23:04, Justin Ross <justin.ross@gmail.com> wrote:
>>> I will change the qpid-python .sha file to SHA-512.  And I wouldn't have
>>> objected to using .sha512 if Robbie had felt like going against the grain.
>>>
>>> FWIW, before I made the change to SHA-256 and .sha, I tested that Fedora's
>>> 'shasum' does not require extra options to check such files.  It seems to
>>> figure it out on its own.  In some cursory poking around, I haven't found
>>> anything that says .sha indicates any particular SHA hash function.
>>>
>>> On Tue, Mar 7, 2017 at 10:19 AM, Robbie Gemmell <robbie.gemmell@gmail.com>
>>> wrote:
>>>
>>>> ;)
>>>>
>>>> I decided to go with the guideline and created a SHA512 file with .sha
>>>> extension. We can make it clear on the website that its SHA512. Folks
>>>> doing it blind will just have to try it, or look at the content to
>>>> figure it out.
>>>>
>>>> Given the name is 'correct', I'd probably regenerate the qpid-python
>>>> checksum using SHA512. We could also just leave it alone this time
>>>> since it only says you SHOULD use SHA512.
>>>>
>>>> On 7 March 2017 at 18:05, Rob Godfrey <rob.j.godfrey@gmail.com> wrote:
>>>> > To be fair that page says nothing about how to name SHA256 checksums
:-),
>>>> > only that we SHOULD be creating SHA512 checksums named .sha.
>>>> >
>>>> > So, I'm +1 on naming the SHA256 .sha256 ... and it seems like the Python
>>>> > release really shouldn't name a SHA256 file .sha as by the above that
>>>> > extension should be reserved for SHA512.
>>>> >
>>>> > -- Rob
>>>> >
>>>> > On 7 March 2017 at 18:34, Timothy Bish <tabish121@gmail.com> wrote:
>>>> >
>>>> >> On 03/07/2017 12:23 PM, Robbie Gemmell wrote:
>>>> >>
>>>> >>> According to http://www.apache.org/dev/release-distribution.html#sigs-
>>>> >>> and-sums
>>>> >>> .sha is actually required:
>>>> >>>
>>>> >>> "An SHA checksum SHOULD also be created and MUST be suffixed
.sha. The
>>>> >>> checksum SHOULD be generated using SHA512."
>>>> >>>
>>>> >>> I find the extension a little unhelpful personally, but ok..
:)
>>>> >>>
>>>> >>
>>>> >> I would have voted for .sha256 for clarity
>>>> >>
>>>> >>
>>>> >>> Robbie
>>>> >>>
>>>> >>> On 7 March 2017 at 17:11, Robbie Gemmell <robbie.gemmell@gmail.com>
>>>> >>> wrote:
>>>> >>>
>>>> >>>> Hi folks,
>>>> >>>>
>>>> >>>> I noted in the qpid-python-1.36.0 vote thread that the .sha
file
>>>> >>>> contained a sha256 checksum, this being in place of the
historic .sha1
>>>> >>>> checksum file.
>>>> >>>>
>>>> >>>> I'm curious what people think about the name relative to
the contents?
>>>> >>>> I think .sha256 might be friendlier so that people know
how to try and
>>>> >>>> verify it implicitly from its name?
>>>> >>>>
>>>> >>>> I mainly ask as I think I'll include one for the proton-j-0.18.0
>>>> >>>> release im about to cut, and am trying to settle on a name
for it.
>>>> >>>>
>>>> >>>> Robbie
>>>> >>>>
>>>> >>> ---------------------------------------------------------------------
>>>> >>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>>>> >>> For additional commands, e-mail: users-help@qpid.apache.org
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>
>>>> >> --
>>>> >> Tim Bish
>>>> >> twitter: @tabish121
>>>> >> blog: http://timbish.blogspot.com/
>>>> >>
>>>> >>
>>>> >>
>>>> >> ---------------------------------------------------------------------
>>>> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>>>> >> For additional commands, e-mail: users-help@qpid.apache.org
>>>> >>
>>>> >>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>>>> For additional commands, e-mail: users-help@qpid.apache.org
>>>>
>>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message