Hi Justin,


> Also not everyone may be aware are some new considerations around hashes for 
> releases. [2] But it is easily to comply, compared to the last release you 
> would need to add a SHA hash file or replace the existing MD5 file with a SHA 
> file.

(a) Alex is aware.
(b) The policy just officially changed this week. I don’t think that instant 
compliance is expected. Henk is watching - everyone can look here to see how 
all the projects stack up. [1]

Alex - are you waiting for the next release to make the SHA changes?



[1] http://checker.apache.org

> 2. https://www.apache.org/dev/release-distribution#sigs-and-sums

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to