juneau-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Bognar <jamesbog...@apache.org>
Subject Re: Quick question...checksums?
Date Mon, 17 Sep 2018 18:36:41 GMT
If I'm reading the POMs correctly, it looks like SHA512 support was added
in version 19 of the parent apache artifact:
            <gpgArguments>
              <arg>--digest-algo=SHA512</arg>
            </gpgArguments>

We're still using 18 so it wasn't generated.

I see there's a version 21.  I'll move us to that.

Are we supposed to be watching for new maven parent apache artifact
versions somehow?


On Mon, Sep 17, 2018 at 2:01 PM Gary Gregory <garydgregory@gmail.com> wrote:

> On Mon, Sep 17, 2018 at 11:59 AM Gary Gregory <garydgregory@gmail.com>
> wrote:
>
>> On Mon, Sep 17, 2018 at 11:52 AM James Bognar <jamesbognar@apache.org>
>> wrote:
>>
>>> I think I'm confused.
>>>
>>> The checksums in the release are "*.md5" and "*.sha1":
>>>
>>> https://repository.apache.org/content/repositories/orgapachejuneau-1022/org/apache/juneau/juneau-all/7.2.0/
>>>
>>> Are the "*.sha1" files using SHA-1 or SHA-256/512?  I can't tell other
>>> than by the file names.
>>>
>>
>> That's the only way you can tell from all the Apache releases I've seen.
>> The extension .md5 means MDA and .sha1 means SHA-1. You can tell in the SHA
>> files if it's from SHA-256, SHA-512, or something else by the length of the
>> checksum.
>>
>
> For example:
> https://archive.apache.org/dist/commons/lang/binaries/commons-lang3-3.8-bin.zip.sha256
>
> Gary
>
>>
>> Gary
>>
>>
>>>
>>> Our keys are here:
>>> https://people.apache.org/keys/group/juneau.asc
>>>
>>>
>>>
>>> On Mon, Sep 17, 2018 at 1:25 PM Gary Gregory <garydgregory@gmail.com>
>>> wrote:
>>>
>>>> You must NOT ship SHA1! Only SHA-256 or 512.
>>>>
>>>> Gary
>>>>
>>>> On Mon, Sep 17, 2018 at 11:21 AM James Bognar <jamesbognar@apache.org>
>>>> wrote:
>>>>
>>>>> I believe they mentioned on the general mailing list that you only
>>>>> need to ship SHA-1 checksums and not ASC or MD5.  Can I get a quick
>>>>> confirmation on that?
>>>>>
>>>>

Mime
View raw message