www-release-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From herve.bout...@free.fr
Subject Re: MPOM-205 creating source release checksums in target for Apache dist area
Date Tue, 07 Aug 2018 21:29:04 GMT
squashed and kept only SHA-512

Maven core plugins don't cover everything even quite generic like creating checksums, that's
why there are many Maven plugins out there...

Regards,

Hervé

----- Mail original -----
De: "Michael Osipov" <michaelo@apache.org>
À: "Maven Developers List" <dev@maven.apache.org>, "herve boutemy" <herve.boutemy@free.fr>
Cc: release-discuss@apache.org
Envoyé: Mardi 7 Août 2018 23:04:46
Objet: Re: MPOM-205 creating source release checksums in target for Apache dist area

Am 2018-08-07 um 22:50 schrieb herve.boutemy@free.fr:
> Hi,
> 
> Recently, Apache distribution policy changed regarding checksums [1]: now, SHA-256 or
SHA-512 checksums are required.
> 
> This lead to discussion about changing checksums used on Maven repository and/or Apache
Nexus repository.
> 
> But Maven repository requirements and Apache source distribution requirements are completely
independant: why tie them?
> 
> 
> I just implemented SHA-256 and SHA-512 checksums tracked through MPOM-205 [2]:
> 1. only for Apache source release files
> 2. only in local build, available in target/ directory (nothing related to Maven repository
nor deploy)
> 
> See the related Git branch [3]
> 
> 
> Anything to add before I merge this branch to master?
> And eventually launch Apache parent POM 21 release quite soon...

Please squash.

It is a pity to see that none of our plugins can produce the checksums.
While the requires says at least one checksum, do you see any huge 
benefit having SHA512 over 256? I see none.

Michael

Mime
View raw message