[ https://issues.apache.org/jira/browse/RANGER-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Velmurugan Periasamy updated RANGER-2241: ----------------------------------------- Description: Fix the release build scripts to conform to the Apache release guidelines surrounding hashes: [http://www.apache.org/dev/release-distribution#sigs-and-sums] <<< For every artifact distributed to the public through Apache channels, the PMC * MUST supply a [valid|http://www.apache.org/dev/release-signing#verifying-signature] [OpenPGP-compatible ASCII-armored detached signature|http://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] file * MUST supply at least one checksum file * SHOULD supply a [SHA-256 and/or SHA-512|http://www.apache.org/dev/release-signing#sha-checksum] checksum file * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are deprecated) >>> was: Fix the release build scripts to conform to the Apache release guidelines surrounding hashes: [http://www.apache.org/dev/release-distribution#sigs-and-sums] The names of signature and checksum files MUST be formed by adding to the name of the artifact the following suffixes: - .asc for a (ASCII armored) PGP signature - .sha1 for a SHA-1 checksum - .sha256 for a SHA-256 checksum - .sha512 for a SHA-512 checksum - .md5 for a MD5 checksum > Fix release build scripts to conform to latest Apache release guidelines - > Part 2 - Remove sha1 > ----------------------------------------------------------------------------------------------- > > Key: RANGER-2241 > URL: https://issues.apache.org/jira/browse/RANGER-2241 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Colm O hEigeartaigh > Assignee: Velmurugan Periasamy > Priority: Major > Fix For: 1.0.1, 2.0.0, 1.1.1, 1.2.1 > > > Fix the release build scripts to conform to the Apache release guidelines > surrounding hashes: > [http://www.apache.org/dev/release-distribution#sigs-and-sums] > <<< > For every artifact distributed to the public through Apache channels, the PMC > * MUST supply a > [valid|http://www.apache.org/dev/release-signing#verifying-signature] > [OpenPGP-compatible ASCII-armored detached > signature|http://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] > file > * MUST supply at least one checksum file > * SHOULD supply a [SHA-256 and/or > SHA-512|http://www.apache.org/dev/release-signing#sha-checksum] checksum file > * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are > deprecated) > >>> -- This message was sent by Atlassian JIRA (v7.6.3#76005)