commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilles <gil...@harfang.homelinux.org>
Subject Re: checksum file Release Distribution Policy
Date Mon, 05 Mar 2018 19:18:26 GMT
On Mon, 5 Mar 2018 11:35:27 -0500, Rob Tompkins wrote:
> The plugin only finds the assemblies, and the .asc files. We’ve been
> using the created signatures from nexus. So, I actually am creating
> the same signature files in the plugin. So, we have some leeway in
> deciding what sorts of signatures we want to upload to the “dist” svn
> repo.

For this, we should (IIUC):
   * not use MD5
   * use SHA-512

Does the plugin create those checksum files for the "full dist"
archive files for a multi-module maven project?

Gilles

> [...]
>>>>
>>>> Old policy :
>>>>
>>>>    -- MUST provide a MD5-file
>>>>    -- SHOULD provide a SHA-file [SHA-512 recommended]
>>>>
>>>> New policy :
>>>>
>>>>    -- MUST provide a SHA- or MD5-file
>>>>    -- SHOULD provide a SHA-file
>>>>    -- SHOULD NOT provide a MD5-file
>>>>
>>>> [...]


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message