www-release-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Osipov <micha...@apache.org>
Subject Re: MPOM-205 creating source release checksums in target for Apache dist area
Date Tue, 07 Aug 2018 21:04:46 GMT
Am 2018-08-07 um 22:50 schrieb herve.boutemy@free.fr:
> Hi,
> 
> Recently, Apache distribution policy changed regarding checksums [1]: now, SHA-256 or
SHA-512 checksums are required.
> 
> This lead to discussion about changing checksums used on Maven repository and/or Apache
Nexus repository.
> 
> But Maven repository requirements and Apache source distribution requirements are completely
independant: why tie them?
> 
> 
> I just implemented SHA-256 and SHA-512 checksums tracked through MPOM-205 [2]:
> 1. only for Apache source release files
> 2. only in local build, available in target/ directory (nothing related to Maven repository
nor deploy)
> 
> See the related Git branch [3]
> 
> 
> Anything to add before I merge this branch to master?
> And eventually launch Apache parent POM 21 release quite soon...

Please squash.

It is a pity to see that none of our plugins can produce the checksums.
While the requires says at least one checksum, do you see any huge 
benefit having SHA512 over 256? I see none.

Michael

Mime
View raw message