spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Apache Spark (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (SPARK-23601) Remove .md5 files from release
Date Mon, 05 Mar 2018 14:01:00 GMT

     [ https://issues.apache.org/jira/browse/SPARK-23601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Apache Spark reassigned SPARK-23601:
------------------------------------

    Assignee: Sean Owen  (was: Apache Spark)

> Remove .md5 files from release
> ------------------------------
>
>                 Key: SPARK-23601
>                 URL: https://issues.apache.org/jira/browse/SPARK-23601
>             Project: Spark
>          Issue Type: Task
>          Components: Build
>    Affects Versions: 2.4.0
>            Reporter: Sean Owen
>            Assignee: Sean Owen
>            Priority: Minor
>
> Per email from Henk to PMCs:
> {code}
>    The Release Distribution Policy[1] changed regarding checksum files.
>     See under "Cryptographic Signatures and Checksums Requirements" [2].
>       MD5-file == a .md5 file
>       SHA-file == a .sha1, sha256 or .sha512 file
>    Old policy :
>       -- MUST provide a MD5-file
>       -- SHOULD provide a SHA-file [SHA-512 recommended]
>    New policy :
>       -- MUST provide a SHA- or MD5-file
>       -- SHOULD provide a SHA-file
>       -- SHOULD NOT provide a MD5-file
>       Providing MD5 checksum files is now discouraged for new releases,
>       but still allowed for past releases.
>    Why this change :
>       -- MD5 is broken for many purposes ; we should move away from it.
>          https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues
>    Impact for PMCs :
>       -- for new releases :
>          -- please do provide a SHA-file (one or more, if you like)
>          -- do NOT provide a MD5-file
>       -- for past releases :
>          -- you are not required to change anything
>          -- for artifacts accompanied by a SHA-file /and/ a MD5-file,
>             it would be nice if you removed the MD5-file
>       -- if, at the moment, you provide MD5-files,
>          please adjust your release tooling.
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message