[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399576#comment-16399576 ]
Robert Kanter commented on OOZIE-3189: -------------------------------------- Test failures are unrelated > Update the release script and wiki page to use sha512 instead of md5 > -------------------------------------------------------------------- > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts > Reporter: Robert Kanter > Assignee: Robert Kanter > Priority: Blocker > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)