It includes generating sha512 checksums for the source-release (not the artifacts going to maven central where sha1 and md5 are pretty built-in).

I updated the Jena parent POM.

The next Jena release will have to tweak the process slightly, hopefully just not having to fix up sha-checksums. But this step only happens in the release:preform so is untested for now.

What I haven't figure out is how this interacts with the source-release going off to Maven central which is the way the release plugin generates the source-release in the first place.

Now SHA1 is being to look less safe, the foundation is moving to prefer sha256/sha512 only as being an example of good practice.

    Andy


-------- Forwarded Message --------
Subject: [ANN] Apache Software Foundation Parent POM Version 21 Released
Date: Thu, 23 Aug 2018 00:08:14 +0200
From: HervĂ© Boutemy <[email protected]>
Reply-To: [email protected]
To: [email protected], [email protected]
CC: [email protected], [email protected]

The Apache Maven team is pleased to announce the release of the Apache Software Foundation Parent POM Version 21.

https://maven.apache.org/pom/asf/

You should specify the version in your project as parent like the following:

<parent>
   <groupId>org.apache</groupId>
   <artifactId>apache</artifactId>
   <version>21</version>
</parent>

You can download the appropriate sources etc. from the download page:

http://maven.apache.org/pom/asf/download.html


Release Notes - Maven POMs - Version ASF-21

** New Feature
* [MPOM-205] - create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release


Changes since version 20:

https://gitbox.apache.org/repos/asf?p=maven-apache-parent.git;a=blobdiff;f=pom.xml;hb=apache-21;hpb=apache-20
https://github.com/apache/maven-apache-parent/compare/apache-20...apache-21

Enjoy,
    -The Apache Maven team


Reply via email to