> On Dec 11, 2019, at 4:33 PM, Emmanuel Lécharny <[email protected]> wrote: > > One remark : MD5 and SHA1 should not anymore be used to sign packages. The > other Directory projects are now signing everything with ASC, SHA256 and > SHA512. You can re-sign the packages and push the signatures on the repo.
Ah, in the staging repo, yes you’re right, and it’s closed, meaning will have to rerun the release. Speaking of, this step: mvn -Papache-release release:perform Signs and uploads the packages to the maven repo. I’m guessing the wrong version referenced by parent pom’s apache-release profile? — Shawn --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
