Le 15/08/2018 à 20:55, Stefan Seelmann a écrit : > On 08/15/2018 08:52 PM, Emmanuel Lécharny wrote: >> Hi, >> >> there is a requirement regarding the reeases: MD5 signatures must be >> removed for old releases : >> >> -- for past releases : >> -- you are not required to change anything ; >> -- it would be nice if you fixed your dist area ; >> -- start with : cleanup ; rename .sha's ; remove .md5's >> >> Here is a page listing the projects reeases that requires to be cleaned up: >> >> https://checker.apache.org/projs/directory.html >> >> I have started the removal of md5 signatures (for studio). >> >> Now, I can also re-sign all the packages with SHA-256 and SHA-512,but >> i'm not sure it's really required. >> >> One of the implication is that the web pages have to be updated, >> something I can take care of. >> >> WDYT ? > > Is it urgent?
No. Or sufficient to do when we anyway publish a new release? It's disconnected, IMO. We have to do it anyway, and the impact is low. Regarding the MD5 removal, it's pretty trivial. I'm more concerned about re-signing the old packages. > I mean ApacheDS should be released in 2 days, Studio will follow soon, A > Kerby release seems also to be in preparation. In any case, we can wait before updating the web site - or at least to publish it. -- Emmanuel Lecharny Symas.com directory.apache.org
pEpkey.asc
Description: application/pgp-keys
