[
https://issues.apache.org/jira/browse/IGNITE-13999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271223#comment-17271223
]
Peter Ivanov edited comment on IGNITE-13999 at 1/25/21, 10:22 AM:
------------------------------------------------------------------
Currently it seem to be impossible to create sha512 hashsums other than use
custom code, which leads to uncertainty in goal — where we really should do it
now.
Infra team is asked for possible solutions:
https://issues.apache.org/jira/browse/INFRA-21336
For now, ticket is on pause until further information available.
was (Author: vveider):
Currently it seem to be impossible to create sha512 hashsums other than use
custom code.
Infra team is asked for possible solutions:
https://issues.apache.org/jira/browse/INFRA-21336
For now, ticket is on pause until further information available.
> Switch to SHA-512 for jar checksum calculation.
> -----------------------------------------------
>
> Key: IGNITE-13999
> URL: https://issues.apache.org/jira/browse/IGNITE-13999
> Project: Ignite
> Issue Type: Improvement
> Components: build
> Reporter: Andrey Mashenkov
> Assignee: Peter Ivanov
> Priority: Major
> Labels: ignite-3
>
> maven-deploy-plugin is responsible for signing jar. However, it seems SHA-1
> is hardcoded there.
> In the latest apache parent pom (org.apache:apache:23) a
> checksum-maven-plugin is used as a workaround to sign jars with SHA-512. But
> it signs only source jar and do not affect binary jar.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
