struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yasser Zamani (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4951) MD5 and SHA1 should no longer be provided on download pages
Date Thu, 20 Sep 2018 12:21:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16621918#comment-16621918
] 

Yasser Zamani commented on WW-4951:
-----------------------------------

[~sebb@apache.org] I see [apache release-distribution#sigs-and-sums|http://www.apache.org/dev/release-distribution#sigs-and-sums]
says: "For every artifact distributed to the public through Apache channels, the PMC SHOULD
supply a SHA-256 and/or SHA-512 checksum file and SHOULD NOT supply a MD5 or SHA-1 checksum
file (because these are deprecated)". Does it mean every file e.g. jar, pom.xml and etc files
uploaded to repository.a.o ? If so, I'm not if it's related but [maven apache parent 21|https://gitbox.apache.org/repos/asf?p=maven-apache-parent.git;a=blobdiff;f=pom.xml;hb=apache-21;hpb=apache-20]
seems not satisfy this (it includes only source releases and [~lukaszlenart] this is why 2.5.18
doesn't generate them for Struts zip files because their name don't follow apache 21 pattern).

> MD5  and SHA1 should no longer be provided on download pages
> ------------------------------------------------------------
>
>                 Key: WW-4951
>                 URL: https://issues.apache.org/jira/browse/WW-4951
>             Project: Struts 2
>          Issue Type: Bug
>            Reporter: Sebb
>            Priority: Major
>             Fix For: 2.6, 2.3.36, 2.5.18
>
>
> As the subject says:
> MD5  and SHA1 are deprecated and should no longer be provided on download pages:
> http://www.apache.org/dev/release-distribution#sigs-and-sums



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message