diff --git a/ChangeLog b/ChangeLog index 2cc8ec3e..a08ef305 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2020-10-25 Jay Berkenbilt + * When signing distribution files, generate sha256 checksums + instead of md5, sha1, and sha512. sha256 seems to be more widely + used, and there's no reason to use md5 or sha1 anymore. + * Official Windows releases are now built using the openssl crypto provider. The native provider is still available for selection at runtime using the QPDF_CRYPTO_PROVIDER environment variable. diff --git a/README-maintainer b/README-maintainer index c4ba1b4a..297fb262 100644 --- a/README-maintainer +++ b/README-maintainer @@ -112,6 +112,11 @@ RELEASE PREPARATION search for copyright. Don't forget copyright in manual. Also update debian copyright in debian package. Last updated: 2020. +* Take a look at "External Libraries" in TODO to see if we need to + make any changes. There is still some automation work left to do, so + handling external-libs releases is still manual. See also + README-maintainer in external-libs. + * Check for open fuzz crashes at https://oss-fuzz.com * Check lgtm: https://lgtm.com/projects/g/qpdf/qpdf/?mode=list @@ -244,13 +249,11 @@ gpg --detach-sign --armor qpdf-$version.tar.gz Windows binaries, the AppImage, the source tarball, and the source tarball signature. -\rm -f *.{md5,sha1,sha512} +\rm -f *.sha256 files=(*) -for i in md5 sha1 sha512; do - ${i}sum ${files[*]} >| qpdf-$version.$i - gpg --clearsign --armor qpdf-$version.$i - mv qpdf-$version.$i.asc qpdf-$version.$i -done +sha256sum ${files[*]} >| qpdf-$version.sha256 +gpg --clearsign --armor qpdf-$version.sha256 +mv qpdf-$version.sha256.asc qpdf-$version.sha256 chmod 444 * chmod 555 *.AppImage