[ https://issues.apache.org/jira/browse/OAK-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16196683#comment-16196683 ]
Davide Giannella commented on OAK-6650: --------------------------------------- managed to manually check we have {{sha1}} extension by applying the following patch on top of the feature branch and running {{mvn clean install -Papache-release -DskipTests}} {noformat} diff --git a/pom.xml b/pom.xml index 3b631c42b3..24d8bf2d95 100644 --- a/pom.xml +++ b/pom.xml @@ -182,7 +182,7 @@ <goals> <goal>run</goal> </goals> - <phase>deploy</phase> + <phase>package</phase> <configuration> <tasks> <mkdir dir="${basedir}/target/${project.version}" /> {noformat} > new release checksum requirements > --------------------------------- > > Key: OAK-6650 > URL: https://issues.apache.org/jira/browse/OAK-6650 > Project: Jackrabbit Oak > Issue Type: Improvement > Reporter: Davide Giannella > Assignee: Davide Giannella > Labels: candidate_oak_1_0, candidate_oak_1_2, candidate_oak_1_4, > candidate_oak_1_6 > Fix For: 1.8 > > > As of various SHA algorithm the Apache policies around signatures and > checksums changed requiring to specify the sha algorithm as part of the file > extension: sha1, sha256, sha512. > http://www.apache.org/dev/release-distribution#sigs-and-sums > currently Oak signs with sha-1 and we should at least change the file > extension > h3. impacted areas > - release process (pom.xml) > - check release > - html download page -- This message was sent by Atlassian JIRA (v6.4.14#64029)