So I've removed the md5 and sha1 files for the distributions: https://repository.apache.org/service/local/repositories/orgapachemina-1047/content/org/apache/sshd/apache-sshd/2.4.0/
Le lun. 20 janv. 2020 à 14:09, Guillaume Nodet <[email protected]> a écrit : > I think we're fine, we do provide the .asc PGP armored signatures. > I'll remove the .md5 and .sha1 files from the repository. > > Le lun. 20 janv. 2020 à 13:47, Emmanuel Lécharny <[email protected]> a > écrit : > >> Hi guys, >> >> >> I'm sorry, but new release *MUST* be signed using something stronger >> than MD5 or SHA1 : >> >> >> https://www.apache.org/dev/release-distribution.html#sigs-and-sums : >> >> >> "SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are >> deprecated)" >> >> >> >> >> On 18/01/2020 09:02, Guillaume Nodet wrote: >> > I've staged a release candidate: >> > * Repo: >> > https://repository.apache.org/content/repositories/orgapachemina-1047 >> > * Distributions: >> > >> https://repository.apache.org/content/repositories/orgapachemina-1047/org/apache/sshd/apache-sshd/2.4.0/ >> > * Git Tag: >> https://github.com/apache/mina-sshd/releases/tag/sshd-2.4.0 >> > >> > Please review and vote ! >> > >> > Cheers, >> > Guillaume Nodet >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > -- > ------------------------ > Guillaume Nodet > > -- ------------------------ Guillaume Nodet
