[jira] [Updated] (RANGER-2241) Fix release build scripts to conform to latest Apache release guidelines - Part 2 - Remove sha1

Thu, 04 Oct 2018 12:12:25 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2241:
-----------------------------------------
    Description: 
Fix the release build scripts to conform to the Apache release guidelines 
surrounding hashes:

[http://www.apache.org/dev/release-distribution#sigs-and-sums]

<<<

For every artifact distributed to the public through Apache channels, the PMC
 * MUST supply a 
[valid|http://www.apache.org/dev/release-signing#verifying-signature] 
[OpenPGP-compatible ASCII-armored detached 
signature|http://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] 
file
 * MUST supply at least one checksum file
 * SHOULD supply a [SHA-256 and/or 
SHA-512|http://www.apache.org/dev/release-signing#sha-checksum] checksum file
 * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are deprecated)

 >>>

  was:
Fix the release build scripts to conform to the Apache release guidelines 
surrounding hashes:

[http://www.apache.org/dev/release-distribution#sigs-and-sums]

The names of signature and checksum files MUST be formed by adding to the

name of the artifact the following suffixes:

   - .asc for a (ASCII armored) PGP signature

   - .sha1 for a SHA-1 checksum

   - .sha256 for a SHA-256 checksum

   - .sha512 for a SHA-512 checksum

   - .md5 for a MD5 checksum

 


> Fix release build scripts to conform to latest Apache release guidelines - 
> Part 2 - Remove sha1
> -----------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2241
>                 URL: https://issues.apache.org/jira/browse/RANGER-2241
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Colm O hEigeartaigh
>            Assignee: Velmurugan Periasamy
>            Priority: Major
>             Fix For: 1.0.1, 2.0.0, 1.1.1, 1.2.1
>
>
> Fix the release build scripts to conform to the Apache release guidelines 
> surrounding hashes:
> [http://www.apache.org/dev/release-distribution#sigs-and-sums]
> <<<
> For every artifact distributed to the public through Apache channels, the PMC
>  * MUST supply a 
> [valid|http://www.apache.org/dev/release-signing#verifying-signature] 
> [OpenPGP-compatible ASCII-armored detached 
> signature|http://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] 
> file
>  * MUST supply at least one checksum file
>  * SHOULD supply a [SHA-256 and/or 
> SHA-512|http://www.apache.org/dev/release-signing#sha-checksum] checksum file
>  * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are 
> deprecated)
>  >>>



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to