Igniters, I've been preparing the 3.0.0-alpha1 release and got confused about the requirements for checksums in Maven deployments. The Apache instruction [1] states that MD5 is deprecated and SHA1 should be avoided in favor of SHA-256 or SHA-512. However, it looks like we are still using the MD5/SHA1 combination (at least that's what the staging for 2.9.1 [2] contains).
On top of that, I can't find an easy way to switch to another checksum - Maven deploy plugin [3] creates MD5 and SHA1 files automatically and doesn't seem to have any options to tweak this behavior. That said, I have two questions: 1. Are we required to use SHA512 or MD5/SHA1 is OK for now? 2. Is there a painless way to include SHA512 in addition to MD5/SHA1? Can anyone shed some light on this? [1] https://infra.apache.org/release-signing.html#basic-facts [2] https://repository.apache.org/content/repositories/orgapacheignite-1490/org/apache/ignite/ignite-core/2.9.1/ [3] https://maven.apache.org/plugins/maven-deploy-plugin/deploy-mojo.html -Val
