kwin edited a comment on pull request #10:
URL: https://github.com/apache/sling-parent/pull/10#issuecomment-752036257
> I was curious thought, do we not see a fix "upstream", e.g. in the maven
install/deploy plugins or in Nexus?
Although Maven Resolver added support for SHA256/512 in
https://issues.apache.org/jira/browse/MRESOLVER-56 it is disabled by default
for performance reasons (https://issues.apache.org/jira/browse/MRESOLVER-138).
Generating the checksums with Maven Resolver requires setting system properties
(https://maven.apache.org/resolver/configuration.html). Also only the upcoming
Maven 4.x will include those updated Maven resolver versions.
(Update: Maven 3.8.1 contains a newer Resolver as well)
Therefore I would recommend to stick with the approach to only generate
SHA512 for ASF source release artifacts with the
https://github.com/nicoulaj/checksum-maven-plugin/ and ignore the MD5/SHA1
generated for those. Maven will internally not check against those checksums
(except if explicitly configured), so we just need those primarily on the
Staging repo to be able to have all artifacts for an ASF in it (without being
forced to generate/transfer other artifacts when pushing to ASF dist)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
