[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New release distribution checksum policy

On Fri, 24 Aug 2018 15:13:22 +0200, Benedikt Ritter wrote:
Hi Thomas,

Am Fr., 24. Aug. 2018 um 13:13 Uhr schrieb Thomas Vandahl <tv@xxxxxxxxxx>:

Hi Benedikt,

On 23.08.18 18:25, Benedikt Ritter wrote:
> Am Do., 23. Aug. 2018 um 09:16 Uhr schrieb Thomas Vandahl <tv@xxxxxxxxxx
>> Shall we use this for commons-parent?
> Sounds reasonable to me.

If I'm not mistaken, the requirement for SHA-512 checksums only exists for the source distribution, not the binaries. At least this is what I
derive from Hervés implementation in Apache Parent 21. However, the
plugin configuration only kicks in, if the source release artifact name
ends with "-source-release.[zip|tar*]" From what I see in the latest
votes, Apache Commons uses another naming scheme (I do, too). Shall we

What do you mean? Adapt our artifact naming scheme or adapt what Apache
Parent 21 does? Since SHA-512 checksums are required now,

sha-256 is fine too.

we need to find a
way to implement this :-) I'm not sure what's the best way for that right
now. What do others think?

IIUC, Rob has implemented it in the release plugin.
For example, the "Commons RNG" release has the required checksums:



Bye, Thomas

To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxxxx