> Voting will start now (2018/8/29 date) and will remain open for at least > 72 hours, Request all PPMC members to give their vote. > [ ] +1 Release this package. > [ ] +0 No opinion. > [ ] -1 Do not release this package because....
-1 The digests on the maven artefacts don't meet the new ASF release requirements. The distribution artefacts are good, only asc signatures and sha512 digests, as seen in https://dist.apache.org/repos/dist/dev/incubator/skywalking/5.0.0-RC/ But the artefacts in the maven staging repository don't have sha512 digests, and have the now forbidden md5 and sha1 digests. As seen in https://repository.apache.org/content/repositories/orgapacheskywalking-1017/org/apache/skywalking/agent-grpc-provider/5.0.0-RC/ The relevant ASF documentation is in https://www.apache.org/dev/release-distribution#sigs-and-sums specifically… > For every artifact distributed to the public through Apache channels, the PMC > > - MUST supply a valid OpenPGP-compatible ASCII-armored detached signature > file > - MUST supply at least one checksum file > - SHOULD supply a SHA-256 and/or SHA-512 checksum file > - SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are > deprecated) > > For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT > supply MD5 or SHA-1. Existing releases do not need to be changed. Upgrading to apache pom 21 should fix this. https://lists.apache.org/thread.html/ab0838d16033a54e039cf3dbe3344c7e63b340f0dbc14ad14211ff1d@%3Cannounce.maven.apache.org%3E regards, Mick