I have had to fix several download pages recently because they
referred to sha512 instead of sha256.

Please would RMs double-check that the pom has the correct setting and
that the generated download_xyz.xml file corresponds with the file

In future, I think the hash setting should *always* be specified in
the pom, rather than relying on a default (*).
How does one know whether the setting is missing by accident or design?
(It does not help that the default has been changed twice fairly recently.)

(*) IMO built-in defaults should only be used for values that are
almost always correct, i.e. where it is unusual to see a different
value. Defaults should never be changed.

