[Bug 62695] New: Provide sha512 for Tomcat releases published to Maven

bugzilla Fri, 07 Sep 2018 07:04:49 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=62695


            Bug ID: 62695
           Summary: Provide sha512 for Tomcat releases published to Maven
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Packaging
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -----

Reviewing release candidates for Tomcat 8.5.34, 9.0.12, their artifacts at
Maven staging repository have only md5 and sha1 checksums.

This can bee seen here:
[1]
https://repository.apache.org/content/repositories/orgapachetomcat-1193/org/apache/tomcat/tomcat/9.0.12/
[2]
https://repository.apache.org/content/repositories/orgapachetomcat-1194/org/apache/tomcat/tomcat/8.5.34/

The new distribution requirements at ASF has been discussed elsewhere and I
know that for Apache Parent POM the feature to implement more secure checksums
is tracked as
[3] https://issues.apache.org/jira/browse/MPOM-205


The project fro Apache Parent POM is
[4] https://maven.apache.org/pom/asf/

At [4] scroll down for "History" and see the "diff" link for changes between
versions 21 and 20. A step was added to manually generate *.sha512 files at
build time.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 62695] New: Provide sha512 for Tomcat releases published to Maven

Reply via email to