struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yasser Zamani (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (WW-4951) MD5 and SHA1 should no longer be provided on download pages
Date Thu, 20 Sep 2018 17:40:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16622394#comment-16622394
] 

Yasser Zamani edited comment on WW-4951 at 9/20/18 5:39 PM:
------------------------------------------------------------

I could automate it via configuration at [1] which automatically upload a {{csv}} file containing
checksums for files in each artifact (e.g. [2] for {{.m2/repository/org/apache/struts/struts2-parent/2.3.36}}).
Is it OK?

[1] root {{pom.xml}}
{code:xml}
            <plugin>
                <groupId>net.nicoulaj.maven.plugins</groupId>
                <artifactId>checksum-maven-plugin</artifactId>
                <version>1.7</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>files</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <algorithms>
                        <algorithm>SHA-256</algorithm>
                        <algorithm>SHA-512</algorithm>
                    </algorithms>
					<csvSummary>true</csvSummary>
					  <fileSets>
						<fileSet>
						  <directory>${project.build.directory}</directory>
						  <includes>
							<include>${project.artifactId}-${project.version}-*.zip</include>
							<include>${project.artifactId}-${project.version}-javadoc.jar</include>
							<include>${project.artifactId}-${project.version}-sources.jar</include>
							<include>${project.artifactId}-${project.version}.jar</include>
							<include>${project.artifactId}-${project.version}.pom</include>
						  </includes>
						</fileSet>
					  </fileSets>
					  <failIfNoFiles>false</failIfNoFiles><!-- usually, no file to do checksum:
don't consider error -->
					  <individualFiles>false</individualFiles>
                </configuration>
            </plugin>
{code}
[2] {{.m2/repository/org/apache/struts/struts2-parent/2.3.36/struts2-parent-2.3.36.csv}}
{code:none}
#File,SHA-256,SHA-512
struts2-parent-2.3.36-source-release.zip,61d5bdc80575a87f6d23a2c4ba826fbc383285bf4bed92a685c4f950ce674e83,8bfc87b216b628cea72d7ccf2cbe021206b957f654820b2ce7c45f735ed283d07d026770937cc1d12f60ac9a2578a64213db722d1b45d090b79a1f2dd47fc98b
struts2-parent-2.3.36.pom,9b0e1fadd6a6008f7aa927c8485e8f2559f961895980f37b27d519387ee032fe,8c770713d7d4aa97e6535ed813b92c03e3ad959755e5d04ea3f1f97fc2030debda7923773af5841d56de8321252851aa359a69c97cc7d46b852fe81da8db293d
{code}


was (Author: yasser.zamani):
I could automate it via configuration at [1] which automatically upload a {{csv}} file containing
checksums for files in each artifact (e.g. [2] for {{.m2/repository/org/apache/struts/struts2-parent/2.3.36}}).
Is it OK?

[1] root {{pom.xml}}
{code:xml}
            <plugin>
                <groupId>net.nicoulaj.maven.plugins</groupId>
                <artifactId>checksum-maven-plugin</artifactId>
                <version>1.7</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>files</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <algorithms>
                        <algorithm>SHA-256</algorithm>
                        <algorithm>SHA-512</algorithm>
                    </algorithms>
					<csvSummary>false</csvSummary>
					  <fileSets>
						<fileSet>
						  <directory>${project.build.directory}</directory>
						  <includes>
							<include>${project.artifactId}-${project.version}-*.zip</include>
							<include>${project.artifactId}-${project.version}-javadoc.jar</include>
							<include>${project.artifactId}-${project.version}-sources.jar</include>
							<include>${project.artifactId}-${project.version}.jar</include>
							<include>${project.artifactId}-${project.version}.pom</include>
						  </includes>
						</fileSet>
					  </fileSets>
					  <failIfNoFiles>false</failIfNoFiles><!-- usually, no file to do checksum:
don't consider error -->
					  <individualFiles>false</individualFiles>
                </configuration>
            </plugin>
{code}


[2] {{.m2/repository/org/apache/struts/struts2-parent/2.3.36/struts2-parent-2.3.36.csv}}
{code:none}
#File,SHA-256,SHA-512
struts2-parent-2.3.36-source-release.zip,61d5bdc80575a87f6d23a2c4ba826fbc383285bf4bed92a685c4f950ce674e83,8bfc87b216b628cea72d7ccf2cbe021206b957f654820b2ce7c45f735ed283d07d026770937cc1d12f60ac9a2578a64213db722d1b45d090b79a1f2dd47fc98b
struts2-parent-2.3.36.pom,9b0e1fadd6a6008f7aa927c8485e8f2559f961895980f37b27d519387ee032fe,8c770713d7d4aa97e6535ed813b92c03e3ad959755e5d04ea3f1f97fc2030debda7923773af5841d56de8321252851aa359a69c97cc7d46b852fe81da8db293d
{code}

> MD5  and SHA1 should no longer be provided on download pages
> ------------------------------------------------------------
>
>                 Key: WW-4951
>                 URL: https://issues.apache.org/jira/browse/WW-4951
>             Project: Struts 2
>          Issue Type: Bug
>            Reporter: Sebb
>            Priority: Major
>             Fix For: 2.6, 2.3.36, 2.5.18
>
>
> As the subject says:
> MD5  and SHA1 are deprecated and should no longer be provided on download pages:
> http://www.apache.org/dev/release-distribution#sigs-and-sums



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message