Yeah, we supply SHA512 sum and GPG signature for the tarballs. But I don’t think we need to supply checksum for the GPG signatures too.
Here: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.5/ Andor > On 2019. Oct 9., at 17:54, Jordan Zimmerman <jor...@jordanzimmerman.com> > wrote: > > It's required by the Apache Release process: > > http://www.apache.org/dev/release-distribution > <http://www.apache.org/dev/release-distribution> > > For every artifact distributed to the public through Apache channels, the PMC > > • MUST supply a valid OpenPGP-compatible ASCII-armored detached > signature file > • MUST supply at least one checksum file > • SHOULD supply a SHA-256 and/or SHA-512 checksum file > • SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are > deprecated) > > For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT > supply MD5 or SHA-1. Existing releases do not need to be changed. > >> On Oct 9, 2019, at 6:50 PM, Andor Molnar <an...@apache.org> wrote: >> >> Checking. >> Why do we generated SHA512 sums for the gpg signatures? >> Is that intentional? >> >> Andor >> >> >> >>> On 2019. Oct 8., at 22:36, Enrico Olivelli <eolive...@gmail.com> wrote: >>> >>> This is a bugfix release candidate for 3.5.6. >>> >>> It fixes 29 issues, including upgrade of third party libraries, >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4 >>> and better procedure for the upgrade of servers from 3.4 to 3.5. >>> >>> The full release notes is available at: >>> >>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12345243 >>> >>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. *** >>> >>> Source files: >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4 >>> >>> Maven staging repo: >>> https://repository.apache.org/content/repositories/orgapachezookeeper-1044 >>> >>> The release candidate tag in git to be voted upon: release-3.5.6-rc4 >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4 >>> >>> ZooKeeper's KEYS file containing PGP keys we use to sign the release: >>> https://www.apache.org/dist/zookeeper/KEYS >>> >>> Should we release this candidate? >>> >>> Enrico Olivelli >> >
