śr., 19 wrz 2018 o 12:08 Yasser Zamani <yasserzam...@apache.org> napisał(a): > -1 as I think this will be error prone and hard to do as a manual > procedure (ASF says "For every artifact distributed to the public > through Apache channels" [1] i.e. not only assemblies but also all > artifacts). I would automate it; as maven seems already is able to > generate and deploy SHA256/512 sums (with checksum-maven-plugin's > -DattachChecksums=true). These are what are up to us and Nexus issue > then is not, I think.
The cases is that we expose all the zip files on our download page and those zip files must have associated sha256/512 signatures. The release plugin doesn't do this nor Nexus (it generates sha1 files) - we can ask INFRA to change this but I assume it is not possible with current version of Nexus. So the only solution right now is to generate the missing signatures when we moving assemblies from Nexus to staging repo. And I don't think this is an error prone procedure as we can always re-generate the signatures having the original files exposed for download. https://struts.apache.org/download.cgi#struts2517 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
