svn commit: r1837957 - /subversion/site/publish/docs/release-notes/1.11.html

Mon, 13 Aug 2018 07:12:44 -0700 

Author: danielsh
Date: Mon Aug 13 14:12:02 2018
New Revision: 1837957

URL: http://svn.apache.org/viewvc?rev=1837957&view=rev
Log:
Document r1837939.

* docs/release-notes/1.11.html
  (#compat-misc): Uncomment, adjusting the closing tag's comment as required.
  (#no-sha1-in-dist): New section.

Modified:
    subversion/site/publish/docs/release-notes/1.11.html

Modified: subversion/site/publish/docs/release-notes/1.11.html
URL: 
http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.11.html?rev=1837957&r1=1837956&r2=1837957&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.11.html (original)
+++ subversion/site/publish/docs/release-notes/1.11.html Mon Aug 13 14:12:02 
2018
@@ -138,7 +138,6 @@ to the upgrade.</p>
 
 </div>  <!-- wc-upgrade -->
 
-<!-- (This section only makes sense when there are some issues listed in it.)
 <div class="h3" id="compat-misc">
 <h3>Miscellaneous Compatibility Notes
   <a class="sectionlink" href="#compat-misc"
@@ -149,8 +148,24 @@ to the upgrade.</p>
 release might necessitate further adjustment by administrators or
 users.  We'll cover those in this section.</p>
 
-</div>  < !-- compat-misc -- >
--->
+<div class="h4" id="no-sha1-in-dist">
+  <h4>SHA-1 checksums will no longer be published for released artifacts 
(<tt>subversion-<em>1.11.x</em>.tar.*</tt> and 
<tt>subversion-<em>1.11.x</em>.zip</tt>)
+  <a class="sectionlink" href="#no-sha1-in-dist"
+     title="Link to this section">&para;</a>
+</h4>
+
+<p>The release artifacts—<tt>subversion-<em>1.11.x</em>.tar.bz2</tt>,
+                         <tt>subversion-<em>1.11.x</em>.tar.gz</tt>, and
+                         <tt>subversion-<em>1.11.x</em>.zip</tt>—are no 
longer
+accompanied by <tt>*.sha1</tt> files containing SHA-1 checksums, nor will SHA-1
+checksums be advertised on the download page or in release announcements.
+PGP digital signatures and SHA-512 checksums will continue to be provided.</p>
+
+<p>We consider the SHA-1 cryptographic hash function too weak for our 
needs.</p>
+
+</div> <!-- no-sha1-in-dist -->
+
+</div>  <!-- compat-misc -- >
 
 </div>  <!-- compatibility -->

Reply via email to