Note that in moderation of annou...@apache.org, I received the following response;
> MD5 and SHA1 hashes have been deprecated for some time on download pages (*) > > Please update the download page(s) to remove these. > > (*) http://www.apache.org/dev/release-distribution#sigs-and-sums Are we concerned with retaining either-or MD5 or SHA1 for legacy architecture users? As we integrate to openssl 0.9.8+, and those all have an `openssl sha256` facility, it seems like the concern is pretty obscure. Do we have an opinion on offering both sha256 + sha512? Only one or the other, and if so, which? Thoughts? Bill