Thank you, for the generous response. The file hashes are created by maven-resolver, which supports SHA-512 since > version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ). > If I remember correctly maven-resolver 1.5+ is included since Maven 3.8.1. > So you would have to update your Maven to 3.8.1 and ` > -Daether.checksums.algorithms=SHA-512 ` should work then.
This works like a charm Frederik. The complete command I have used is ```sh mvn -P'distribution,rat' deploy -Daether.checksums.algorithms=SHA-512 ``` This is not signing, this is just a checksum for transport bitrot. Thanks Michael for clarification. I think this usage can be documented (explicitly). What do you think? I am open to giving a PR since all the apache projects use this functionality. :) Regards, Janardhan On Thu, May 27, 2021 at 1:27 PM Michael Osipov <micha...@apache.org> wrote: > Am 2021-05-26 um 09:14 schrieb Janardhan: > > Hi Maven team, > > > > TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks. > > This is not signing, this is just a checksum for transport bitrot. > If you need SHA-2 hashes use Resolver's new property for this. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >