On Fri, 2016-06-03 at 16:20 -0700, Konstantin Boudnik wrote:
> +1 [binding]
>
> signature is ok
> sha1 is ok
> rat is ok
> builds and produces functional binaries
>
> One small note: sha1 and md5 aren't considered secure, it'd make
> sense to
> switch into gpg generated checksums, perhaps. I can
On Fri, 2016-06-03 at 19:20 +0200, Cédric Champeau wrote:
> […]
>
> [ ] +1 Release Apache Groovy 2.4.7
> [ ] 0 I don't have a strong opinion about this, but I assume it's ok
> [ ] -1 Do not release Apache Groovy 2.4.7
I cannot check the artefacts directly myself just now, others can and
will I a
what does this mean to the avg hacker ? do we need to fix our kit anyway ?
On 4 June 2016 at 10:50, Russel Winder wrote:
> On Fri, 2016-06-03 at 16:20 -0700, Konstantin Boudnik wrote:
> > +1 [binding]
> >
> > signature is ok
> > sha1 is ok
> > rat is ok
> > builds and produces functional binarie
On Sat, 2016-06-04 at 10:53 +0200, jim northrop wrote:
> what does this mean to the avg hacker ? do we need to fix our kit
> anyway ?
>
For those who download and check signatures, SHA1 and MD5 are
unreliable and provide very weak confidence.
I am not sure what stance Gradle, Maven, and Ant take
+1
On 4 Jun 2016 11:54, "Russel Winder" wrote:
> On Sat, 2016-06-04 at 10:53 +0200, jim northrop wrote:
> > what does this mean to the avg hacker ? do we need to fix our kit
> > anyway ?
> >
>
> For those who download and check signatures, SHA1 and MD5 are
> unreliable and provide very weak confi
On 6/4/16 2:54 AM, Russel Winder wrote:
>
> For those who download and check signatures, SHA1 and MD5 are
> unreliable and provide very weak confidence.
>
> I am not sure what stance Gradle, Maven, and Ant take on signature
> checking, do they do any signature checking at all?
The only signature
On 6/4/16 2:54 AM, Russel Winder wrote:
>
> For those who download and check signatures, SHA1 and MD5 are
> unreliable and provide very weak confidence.
>
> I am not sure what stance Gradle, Maven, and Ant take on signature
> checking, do they do any signature checking at all?
>
The only signature
+1
On Fri, Jun 3, 2016 at 7:20 PM, Cédric Champeau
wrote:
> Dear community,
>
> I am happy to start the VOTE thread for the long awaited Apache Groovy
> 2.4.7!
> This release includes numerous bugfixes for which list can be found here:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?pro
