On 14/01/2008, sebb <[EMAIL PROTECTED]> wrote: > On 14/01/2008, Jukka Zitting <[EMAIL PROTECTED]> wrote: > > Hi, > > > > On Jan 14, 2008 12:58 PM, sebb <[EMAIL PROTECTED]> wrote: > > > The NOTICE files need to be updated for 2008, i.e. replace 2007 with > > > 2007-2008 on line 3. > > > > The release was rolled on Jan 4th and there are no code changes since > > 2007, so I'd consider this at best a minor issue, probably even better > > to let the date remain 2007. > > Well, the Ant files seem to have been changed in 2008. > > > > The hash files use a format which is difficult to use, as the hashes > > > may be split over two lines. > > > > Not a blocker IMHO, but something we may want to change in future releases. > > Agreed that it's not a blocker. The files can even be fixed manually if > desired. > > > I guess the checksums were generated with default Solaris tools. You > > can use "openssl md5" and "openssl sha1" to generate checksum output > > in the format Sebastian described. > > Well, the format is closer, as the hash is not broken over two lines, > for example: > > MD5(filename)= 464069695e3ac4998898d0633f8df032 > > > > Also the SHA1 hashes normally have the suffix ".sha1" rather than ".sha" > > > > Actually the suffix should be ".sha" and not ".sha1". See the "not > > normative" policy (a recommendation? :-) described in > > http://www.apache.org/dev/release-signing.html#policy. > > OK, I had not noticed that. >
The document refers to SHA digests, not SHA-1 digests specifically. Further investigation shows that these are not the same, at least for openssl: pwd ~ : openssl sha /dev/null SHA(/dev/null)= f96cea198ad1dd5617ac084a3d92c6107708c0ef pwd ~ : openssl sha1 /dev/null SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709 pwd ~ : [I assume that "openssl sha" means SHA-0, but I could be wrong] The document does not mention openssl, and gpg does not seem to support SHA digests (whatever those may be), so presumably SHA means SHA-1 in the document. > Clearly a lot of other projects have not noticed either as there are > 213 sha and 776 sha1 files under /www/www.apache.org/dist/ - so my > statement was literally correct ;-) > > > BR, > > > > Jukka Zitting > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]