Hi Betrand, On Wed, 2018-04-11 at 14:14 +0200, Bertrand Delacretaz wrote: > Hi, > > As per https://www.apache.org/dev/release-signing.html we should stop > using md5 digests and point to the sha1 digests that we already have, > instead (because md5 is broken nowadays). > > I have made that change at http://sling.apache.org/downloads.cgi to > point to sha1 digests - and fixed a bunch of broken links there at > the > same time, where versions where out of sync with > https://dist.apache.org/repos/dist/release/sling/ > > Does anyone know how to disable the creation of md5 digests in our > release builds? I have the impression that it's repository.apache.org > that addds them: if I do a "maven:deploy" on one of our modules, > they're not shown as being uploaded but are present in the > repository.a.o folder.
I am not sure when/how they are generated. Note that there's a task for the release policy update at https://issues.apache.org/jira/browse/SLING-7534 Robert
