[jira] [Commented] (DERBY-6973) Provide SHA-512 checksums on future releases

Thu, 29 Nov 2018 11:55:26 -0800 


    [ 
https://issues.apache.org/jira/browse/DERBY-6973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16703722#comment-16703722
 ] 

Rick Hillegas commented on DERBY-6973:
--------------------------------------

Attaching SUBMISSIONS/derby-6973-01-aa-useSHA512.diff. This patch updates the 
release-signing step to generate SHA-512 checksums rather than MD5 checksums.

As part of this patch, I have updated the footer (releaseSummary.xml) which 
appears at the end of our download pages. I have replaced the instructions for 
verifying MD5 checksums with corresponding instructions for how to verify 
SHA-512 checksums. The single, platform-neutral MD5 instructions have been 
replaced with references to separate tools for Mac OSX, Linux, and Windows. I 
have verified the Mac OSX tool. Others may want to verify the Linux and Windows 
tools.

Touches the following files:

{noformat}
---------------------------
M       tools/release/build.xml

Generate SHA-512 checksums instead of MD5 checksums for the release 
distributions.

---------------------------

M       releaseSummary.xml

Remove the verbiage about verifying MD5 checksums which appears at the
end of all of our release notes. Instead, replace this verbiage with a
description of how to verify the SHA-512 checksums.

---------------------------

M       java/build/org/apache/derbyBuild/ReleaseNotesTransformer.java

Replace the MD5 links with SHA-512 links in the boilerplate used to
create download pages for our releases.
{noformat}


> Provide SHA-512 checksums on future releases
> --------------------------------------------
>
>                 Key: DERBY-6973
>                 URL: https://issues.apache.org/jira/browse/DERBY-6973
>             Project: Derby
>          Issue Type: Bug
>          Components: Web Site
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 
> 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, 
> 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1, 10.8.1.2, 
> 10.8.2.2, 10.8.3.0, 10.9.1.0, 10.10.1.1, 10.10.2.0, 10.11.1.1, 10.12.1.1, 
> 10.13.1.1, 10.14.1.0, 10.15.0.0
>            Reporter:  Warren MacEvoy
>            Assignee: Rick Hillegas
>            Priority: Major
>         Attachments: derby-6973-01-aa-useSHA512.diff
>
>
> Releases have md5 sum for signatures, and nothing modern.  How is this even 
> possible?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to