Re: Release policy updates
Issue [1] created. [1] https://issues.apache.org/jira/browse/IGNITE-9346 пн, 20 авг. 2018 г. в 17:27, Denis Magda : > Yes, let’s just remove md5. Will you create the ticket and handle this for > 2.7? > > Denis > > On Monday, August 20, 2018, Anton Vinogradov wrote: > > > Denis, > > > > Currently we provide md5 and sha512 [1]. > > Should we just get rid of md5? > > > > [1] https://www.apache.org/dist/ignite/2.6.0/ > > > > сб, 18 авг. 2018 г. в 3:51, Denis Magda : > > > >> Peter, Anton V, Igniters, > >> > >> The board communicated the following release policy changes: > >> -- for new releases : > >> -- you MUST supply a SHA-256 and/or SHA-512 file > >> -- you SHOULD NOT supply MD5 or SHA-1 files > >> > >> Are we good? More details are below. > >> > >> > >> > >> > >> *2 Release Dist Policy Changes (Q? us...@infra.apache.org) > >> --- > >> > >> The Release Distribution Policy[1] changed regarding checksum files. > >> See under "Cryptographic Signatures and Checksums Requirements" [2]. > >> > >> Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ; > >> not just emphasized words ; for an explanation see RFC-2119 [3]. > >> > >> Old policy : > >> > >> -- SHOULD supply a SHA checksum file > >> -- SHOULD NOT supply a MD5 checksum file > >> > >> New policy : > >> > >> -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > >> -- SHOULD NOT supply MD5 or SHA-1 checksum files > >> > >> Why this change ? > >> > >> -- Like MD5, SHA-1 is too broken ; we should move away from it. > >> > >> Impact for PMCs : > >> > >> -- for new releases : > >> -- you MUST supply a SHA-256 and/or SHA-512 file > >> -- you SHOULD NOT supply MD5 or SHA-1 files > >> > >> -- for past releases : > >> -- you are not required to change anything ; > >> -- it would be nice if you fixed your dist area ; > >> start with : cleanup ; rename .sha's ; remove .md5's > >> > > >
Re: Release policy updates
Yes, let’s just remove md5. Will you create the ticket and handle this for 2.7? Denis On Monday, August 20, 2018, Anton Vinogradov wrote: > Denis, > > Currently we provide md5 and sha512 [1]. > Should we just get rid of md5? > > [1] https://www.apache.org/dist/ignite/2.6.0/ > > сб, 18 авг. 2018 г. в 3:51, Denis Magda : > >> Peter, Anton V, Igniters, >> >> The board communicated the following release policy changes: >> -- for new releases : >> -- you MUST supply a SHA-256 and/or SHA-512 file >> -- you SHOULD NOT supply MD5 or SHA-1 files >> >> Are we good? More details are below. >> >> >> >> >> *2 Release Dist Policy Changes (Q? us...@infra.apache.org) >> --- >> >> The Release Distribution Policy[1] changed regarding checksum files. >> See under "Cryptographic Signatures and Checksums Requirements" [2]. >> >> Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ; >> not just emphasized words ; for an explanation see RFC-2119 [3]. >> >> Old policy : >> >> -- SHOULD supply a SHA checksum file >> -- SHOULD NOT supply a MD5 checksum file >> >> New policy : >> >> -- SHOULD supply a SHA-256 and/or SHA-512 checksum file >> -- SHOULD NOT supply MD5 or SHA-1 checksum files >> >> Why this change ? >> >> -- Like MD5, SHA-1 is too broken ; we should move away from it. >> >> Impact for PMCs : >> >> -- for new releases : >> -- you MUST supply a SHA-256 and/or SHA-512 file >> -- you SHOULD NOT supply MD5 or SHA-1 files >> >> -- for past releases : >> -- you are not required to change anything ; >> -- it would be nice if you fixed your dist area ; >> start with : cleanup ; rename .sha's ; remove .md5's >> >
Re: Release policy updates
Denis, Currently we provide md5 and sha512 [1]. Should we just get rid of md5? [1] https://www.apache.org/dist/ignite/2.6.0/ сб, 18 авг. 2018 г. в 3:51, Denis Magda : > Peter, Anton V, Igniters, > > The board communicated the following release policy changes: > -- for new releases : > -- you MUST supply a SHA-256 and/or SHA-512 file > -- you SHOULD NOT supply MD5 or SHA-1 files > > Are we good? More details are below. > > > > > *2 Release Dist Policy Changes (Q? us...@infra.apache.org) > --- > > The Release Distribution Policy[1] changed regarding checksum files. > See under "Cryptographic Signatures and Checksums Requirements" [2]. > > Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ; > not just emphasized words ; for an explanation see RFC-2119 [3]. > > Old policy : > > -- SHOULD supply a SHA checksum file > -- SHOULD NOT supply a MD5 checksum file > > New policy : > > -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > -- SHOULD NOT supply MD5 or SHA-1 checksum files > > Why this change ? > > -- Like MD5, SHA-1 is too broken ; we should move away from it. > > Impact for PMCs : > > -- for new releases : > -- you MUST supply a SHA-256 and/or SHA-512 file > -- you SHOULD NOT supply MD5 or SHA-1 files > > -- for past releases : > -- you are not required to change anything ; > -- it would be nice if you fixed your dist area ; > start with : cleanup ; rename .sha's ; remove .md5's >
Release policy updates
Peter, Anton V, Igniters, The board communicated the following release policy changes: -- for new releases : -- you MUST supply a SHA-256 and/or SHA-512 file -- you SHOULD NOT supply MD5 or SHA-1 files Are we good? More details are below. *2 Release Dist Policy Changes (Q? us...@infra.apache.org) --- The Release Distribution Policy[1] changed regarding checksum files. See under "Cryptographic Signatures and Checksums Requirements" [2]. Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ; not just emphasized words ; for an explanation see RFC-2119 [3]. Old policy : -- SHOULD supply a SHA checksum file -- SHOULD NOT supply a MD5 checksum file New policy : -- SHOULD supply a SHA-256 and/or SHA-512 checksum file -- SHOULD NOT supply MD5 or SHA-1 checksum files Why this change ? -- Like MD5, SHA-1 is too broken ; we should move away from it. Impact for PMCs : -- for new releases : -- you MUST supply a SHA-256 and/or SHA-512 file -- you SHOULD NOT supply MD5 or SHA-1 files -- for past releases : -- you are not required to change anything ; -- it would be nice if you fixed your dist area ; start with : cleanup ; rename .sha's ; remove .md5's
