Hi Maven team, TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks.
1. We are trying to sign Apache SystemDS[0] release artifacts with gpg-plugin, we are only receiving the `.md5` and `.sha1` without the `-Daether.checksums.algorithms=SHA-512` flag as per [1][4]. 2. With the following command we are receiving the .asc file additionally. But, not the `.sha512`. mvn -P'distribution' deploy -DskiptTests \ -Daether.checksums.algorithms=SHA-512 3. I have read through the mail list[1] and some source code[3]. I have noted from discussion in [2] that the gpg arguments[5] in pom.xml may not work but only work on the command line. -- [0] https://github.com/apache/systemds/blob/master/pom.xml [1] https://maven.apache.org/resolver/configuration.html [2] https://www.mail-archive.com/users@maven.apache.org/msg142898.html [3] https://github.com/apache/maven/blob/master/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java#L117 [4] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest [5] https://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#gpgArguments Thanks and regards, Janardhan