Hi, Recently, Apache distribution policy changed regarding checksums [1]: now, SHA-256 or SHA-512 checksums are required.
This lead to discussion about changing checksums used on Maven repository and/or Apache Nexus repository. But Maven repository requirements and Apache source distribution requirements are completely independant: why tie them? I just implemented SHA-256 and SHA-512 checksums tracked through MPOM-205 [2]: 1. only for Apache source release files 2. only in local build, available in target/ directory (nothing related to Maven repository nor deploy) See the related Git branch [3] Anything to add before I merge this branch to master? And eventually launch Apache parent POM 21 release quite soon... Regards, Hervé [1] http://www.apache.org/dev/release-distribution#sigs-and-sums [2] https://issues.apache.org/jira/browse/MPOM-205 [3] https://github.com/apache/maven-apache-parent/tree/MPOM-205 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org