[
https://issues.apache.org/jira/browse/SLING-7534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16549130#comment-16549130
]
Karl Pauls commented on SLING-7534:
-----------------------------------
I did the same you mentioned in that thread to verify (i.e., I looked at the
upload messages and all I did see uploading was the .asc and the artifacts) -
hence, I figure it must be the case that repository is happy with an upload of
.asc and generates the md5 and sha1 by itself.
Granted, its entirely possible I missed something or it is just not reported
but if you look into the target dir of a release it doesn't contain .md5 or
.sha1 either so it would be a somewhat sneaky "we generate the checksums on the
fly in memory while uploading and don't report the upload" way of doing it.
Ultimately, for now, I just opted for the recommendation [~rombert] has above
namely, just don't copy the md5 into dist.
> Release policy - stop providing MD5 signatures
> ----------------------------------------------
>
> Key: SLING-7534
> URL: https://issues.apache.org/jira/browse/SLING-7534
> Project: Sling
> Issue Type: Task
> Components: Tooling
> Reporter: Robert Munteanu
> Priority: Major
>
> See http://www.apache.org/dev/release-distribution#sigs-and-sums , we SHOULD
> no longer provide MD5 checksums for new releases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
