Hi, >From an Apache standpoint, there are no strong requirements with a particular hash, but it's required to have any mechanism to verify source artifacts. So, as it's an easy fix, I agree that it would be better to cancel this vote to include sha512 hash on source artifacts.
Regards JB On Wed, Mar 2, 2022 at 9:44 PM Benjamin Marwell <[email protected]> wrote: > -1, sadly, because: > > [SHIRO-838] - Create SHA512-Hashes > > They are not attached. > However, those hashes are required by the ASF (sha256 and sha512 to be > exact). > We currently have none of those attached. > > François and I found out we were using an outdated version of the Apache > parent pom. > > So we need to: > 1. Update to a later Apache parent pom > 2. Add sha256 in the configuration > > This shouldn't be much work though. > > - Ben > > On Wed, 2 Mar 2022, 09:17 Francois Papon, <[email protected]> > wrote: > > > This is a call to vote in favor of releasing Apache Shiro version 1.9.0. > > > > We solved 20 issues for 1.9.0: > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639 > > < > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639 > > > > > > > Bug > > > > [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in > > the same Configuration > > [SHIRO-845] - Dependencies for test-jars missing > > > > Improvement > > > > [SHIRO-804] - Avoid conflicts with spring boot aop > > [SHIRO-836] - Delete jsecurty-sample.jks > > [SHIRO-838] - Create SHA512-Hashes > > [SHIRO-846] - Creation of site takes very long time > > [SHIRO-848] - Relative Path in pom.xml is not needed > > [SHIRO-850] - The profile name jdk19-plus is misleading > > [SHIRO-851] - Handling properties for compile/enconding vs. default > > configurations of plugins > > [SHIRO-852] - Configuration for maven-release-plugin prepationGoal > > should be changed > > [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are > > not in sync > > [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin > > can be reduced to default > > [SHIRO-860] - update logback to 1.2.10 > > [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs > > > > Task > > > > [SHIRO-841] - NullPointerException from > > SessionsSecurityManager.start() > > [SHIRO-867] - Skip Deployment of integration-test and samples > > artifacts > > > > Dependency upgrade > > > > [SHIRO-828] - aspectj-maven-plugin 1.14.0 > > [SHIRO-842] - shiro-web depends on older log4j > > [SHIRO-843] - Update maven-project-info-reports > > [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1 > > > > > > The source to be voted upon: > > https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1 > > > > Staging repo for binaries: > > https://repository.apache.org/content/repositories/orgapacheshiro-1038 > > > > Project website (just for informational purposes, not to be voted upon): > > http://shiro.apache.org/ > > > > Guide to testing staged releases: > > http://maven.apache.org/guides/development/guide-testing-releases.html > > > > Vote open for 72 hours. Please examine the source and binaries before > > voting. > > > > [ ] +1 > > [ ] +0 > > [ ] -1 (please include reasoning) > > > > >
