Issue [1] created. [1] https://issues.apache.org/jira/browse/IGNITE-9346
пн, 20 авг. 2018 г. в 17:27, Denis Magda <dma...@gridgain.com>: > Yes, let’s just remove md5. Will you create the ticket and handle this for > 2.7? > > Denis > > On Monday, August 20, 2018, Anton Vinogradov <a...@apache.org> wrote: > > > Denis, > > > > Currently we provide md5 and sha512 [1]. > > Should we just get rid of md5? > > > > [1] https://www.apache.org/dist/ignite/2.6.0/ > > > > сб, 18 авг. 2018 г. в 3:51, Denis Magda <dma...@apache.org>: > > > >> Peter, Anton V, Igniters, > >> > >> The board communicated the following release policy changes: > >> -- for new releases : > >> -- you MUST supply a SHA-256 and/or SHA-512 file > >> -- you SHOULD NOT supply MD5 or SHA-1 files > >> > >> Are we good? More details are below. > >> > >> > >> > >> > >> *2 Release Dist Policy Changes (Q? us...@infra.apache.org) > >> ----------------------------------------------------------------------- > >> > >> The Release Distribution Policy[1] changed regarding checksum files. > >> See under "Cryptographic Signatures and Checksums Requirements" [2]. > >> > >> Note that "MUST", "SHOULD", "SHOULD NOT" are technical terms ; > >> not just emphasized words ; for an explanation see RFC-2119 [3]. > >> > >> Old policy : > >> > >> -- SHOULD supply a SHA checksum file > >> -- SHOULD NOT supply a MD5 checksum file > >> > >> New policy : > >> > >> -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > >> -- SHOULD NOT supply MD5 or SHA-1 checksum files > >> > >> Why this change ? > >> > >> -- Like MD5, SHA-1 is too broken ; we should move away from it. > >> > >> Impact for PMCs : > >> > >> -- for new releases : > >> -- you MUST supply a SHA-256 and/or SHA-512 file > >> -- you SHOULD NOT supply MD5 or SHA-1 files > >> > >> -- for past releases : > >> -- you are not required to change anything ; > >> -- it would be nice if you fixed your dist area ; > >> start with : cleanup ; rename .sha's ; remove .md5's > >> > > >
