
Re: No longer supply SHA1 checksums for new releases

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Mon, 13 Aug 2018 12:20:57 +0000

Julian Foad wrote on Mon, 13 Aug 2018 12:59 +0100:
> We "SHOULD NOT" any longer publish SHA1 checksums for new releases, according to
> https://www.apache.org/dev/release-distribution#sigs-and-sums
>
> So I have done this:
>
> * remove references to SHA1 from the documentation
>
> -- http://svn.apache.org/r1837935
>

+1

> * stop producing *.sha1 files and stop listing SHA1 on the 'downloads' page
>
> -- http://svn.apache.org/r1837939
>

I was under the impression that we should keep producing *.sha1 files
for 1.9 and 1.10 releases, for compatibility reasons. The "SHOULD NOT"
language in the policy was specifically intended to allow this sort of
compatibility.

To be clear, I'm suggesting that we only drop sha1 checksums for 1.11.0-alpha1
and newer. WDYT?

> * remove SHA1 listings from the 'downloads' web page for current releases
>
> -- http://svn.apache.org/r1837938
>

+1

> Thanks to Paul Hammant for mentioning this policy to me.

Thank you for doing the legwork.

Cheers,

Daniel
Received on 2018-08-13 14:21:07 CEST

This is an archived mail posted to the Subversion Dev mailing list.
