commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernd Eckenfels <>
Subject Re: MD5/SHA1 links - make sure they are removed in component source!
Date Wed, 13 Mar 2019 00:00:01 GMT

>> BTW the (Imaging] Download (still) points to incubator
>Please start a new thread for a new issue, thanks!

I noticed this seems to be expected as [Imaging] does Mention it on the site. So I dont pursue
this part further.

However while  trying to fix some site typos I also tried to recreate the download page and
I noticed something strange:

[Imaging] uses parent 47 (build-plugin 1.9), but when I run* the download-page goal  it generated
download_imaging with  SHA1-links.

When I look into the source of the download-page:1.9 it seems to default to SHA512 and in
the effective pomI dont see Commons.release.hash beeing overwritten.

How is it actually configured to use sha256 in the download-page plugin?

I even tried -Dcommons.release.hash=sha256, but that had no effect, presumeable because the
Mojo does not define it as property?

Anyway, I manually  fixed the xdoc with sha256 and fixed a gitbox link.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message