[ https://issues.apache.org/jira/browse/BROOKLYN-597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Downer reassigned BROOKLYN-597: --------------------------------------- Assignee: Geoff Macartney (was: Richard Downer) > Remove MD5 and SHA-1 checksums > ------------------------------- > > Key: BROOKLYN-597 > URL: https://issues.apache.org/jira/browse/BROOKLYN-597 > Project: Brooklyn > Issue Type: Improvement > Affects Versions: 0.12.0 > Reporter: Geoff Macartney > Assignee: Geoff Macartney > Priority: Major > > Per the recently updated Apache Release Distribution Policy, > [https://www.apache.org/dev/release-distribution], we should remove the > generation and checking of MD5 and SHA-1 checksums from brooklyn-dist/release > before we do another release, presumably 1.0. > The relevant wording is > {quote}For every artifact distributed to the public through Apache channels, > the PMC > * MUST supply a > [valid|https://www.apache.org/dev/release-signing#verifying-signature] > [OpenPGP-compatible ASCII-armored detached > signature|https://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] > file > * MUST supply at least one checksum file > * SHOULD supply a [SHA-256 and/or > SHA-512|https://www.apache.org/dev/release-signing#sha-checksum] checksum file > * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are > deprecated) > For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT > supply MD5 or SHA-1. Existing releases do not need to be changed. > {quote} -- This message was sent by Atlassian Jira (v8.3.4#803005)