Re: SHA-512 for Maven deployment

2021-01-15 Thread Petr Ivanov
I will take it over. > On 15 Jan 2021, at 12:37, Andrey Mashenkov wrote: > > I've created a ticket for the issue [1]. > Someone who fully understands the release process may pick it up. > > [1] https://issues.apache.org/jira/browse/IGNITE-13999 > > On Fri, Jan 15, 2021 at 12:01 AM Andrey Mash

Re: SHA-512 for Maven deployment

2021-01-15 Thread Andrey Mashenkov
I've created a ticket for the issue [1]. Someone who fully understands the release process may pick it up. [1] https://issues.apache.org/jira/browse/IGNITE-13999 On Fri, Jan 15, 2021 at 12:01 AM Andrey Mashenkov < andrey.mashen...@gmail.com> wrote: > Val, I didn't found the way to make a local d

Re: SHA-512 for Maven deployment

2021-01-14 Thread Andrey Mashenkov
Val, I didn't found the way to make a local deploy. So I just make 'install'. Yes you are right, only source jar is signed. Seems, we need to configure checksum plugin for signing binary jars as it is done in Maven-parent or any other project. чт, 14 янв. 2021 г., 23:14 Valentin Kulichenko < vale

Re: SHA-512 for Maven deployment

2021-01-14 Thread Valentin Kulichenko
Andrey, Did you try on the 2.x or 3.x? I've just tried to do the same in ignite-3, but it didn't work for me. I've updated the parent pom version to 23 and ran "mvn clean deploy -Papache-release". The source package is now signed with SHA512, which is good, but there was no effect on the JAR arti

Re: SHA-512 for Maven deployment

2021-01-14 Thread Andrey Mashenkov
I've made "mvn clean install" with enabled "apache-release" profile and see *.sha-512 checksum files in target directories. So, upgrading to the latest apache parent looks sufficient. On Thu, Jan 14, 2021 at 12:30 PM Petr Ivanov wrote: > Is seems that parent is already updated in > https://issu

Re: SHA-512 for Maven deployment

2021-01-14 Thread Petr Ivanov
Is seems that parent is already updated in https://issues.apache.org/jira/browse/IGNITE-13987 > On 14 Jan 2021, at 01:57, Valentin Kulichenko > wrote: > > Andrey, > > This sounds even better. Can you create a ticket for this change? > >

Re: SHA-512 for Maven deployment

2021-01-13 Thread Valentin Kulichenko
Andrey, This sounds even better. Can you create a ticket for this change? -Val On Wed, Jan 13, 2021 at 2:34 PM Andrey Mashenkov wrote: > Val, > > I've just found Maven projects use SHA-512. > I passed through commits and found they just switched to newer parent > org.apache:apache pom. > I've

Re: SHA-512 for Maven deployment

2021-01-13 Thread Andrey Mashenkov
Val, I've just found Maven projects use SHA-512. I passed through commits and found they just switched to newer parent org.apache:apache pom. I've compared our current parent pom with the latest available one (org.apache:apache:16 vs org.apache:apache:23) and then found checksum-maven-plugin was a

Re: SHA-512 for Maven deployment

2021-01-13 Thread Valentin Kulichenko
Hi Andrey, This indeed sounds like the cleanest way. I don't know how much effort that would be though. -Val On Wed, Jan 13, 2021 at 11:01 AM Andrey Mashenkov < andrey.mashen...@gmail.com> wrote: > Maybe, we could donate to maven plugin possibility to switch to SHA-512. > Hopefully, a new plugi

Re: SHA-512 for Maven deployment

2021-01-13 Thread Andrey Mashenkov
Maybe, we could donate to maven plugin possibility to switch to SHA-512. Hopefully, a new plugin version will be released before we have any release candidate. Is it looks like a big deal? ср, 13 янв. 2021 г., 21:32 Valentin Kulichenko < valentin.kuliche...@gmail.com>: > Hi Ivan, > > No, I haven

Re: SHA-512 for Maven deployment

2021-01-13 Thread Valentin Kulichenko
Hi Ivan, No, I haven't found a way yet. SHA1 still works, but I believe we should consider using better options in future releases. Do you have any ideas on how to implement this? -Val On Wed, Jan 13, 2021 at 8:21 AM Ivan Pavlukhin wrote: > Folks, > > Were you able to resolve this? > > 2020-1

Re: SHA-512 for Maven deployment

2021-01-13 Thread Ivan Pavlukhin
Folks, Were you able to resolve this? 2020-12-28 22:15 GMT+03:00, Valentin Kulichenko : > Hi Ivan, > > Thanks for your response. I've looked into the PGP plugin, and > unfortunately it looks like it only can create signatures, but not > checksums. > > -Val > > On Sun, Dec 27, 2020 at 11:54 PM Iva

Re: SHA-512 for Maven deployment

2020-12-28 Thread Valentin Kulichenko
Hi Ivan, Thanks for your response. I've looked into the PGP plugin, and unfortunately it looks like it only can create signatures, but not checksums. -Val On Sun, Dec 27, 2020 at 11:54 PM Ivan Bessonov wrote: > Hi, > > I've never done this before, but it seems like we need maven-gpg-plugin for

Re: SHA-512 for Maven deployment

2020-12-27 Thread Ivan Bessonov
Hi, I've never done this before, but it seems like we need maven-gpg-plugin for it [1]. Algorithm configuration would look like this: --digest-algo=SHA512 Maybe this will help. [1] http://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/sign-mojo.html пн, 28 дек. 2020 г. в 01:25

SHA-512 for Maven deployment

2020-12-27 Thread Valentin Kulichenko
Igniters, I've been preparing the 3.0.0-alpha1 release and got confused about the requirements for checksums in Maven deployments. The Apache instruction [1] states that MD5 is deprecated and SHA1 should be avoided in favor of SHA-256 or SHA-512. However, it looks like we are still using the MD5/S