We "SHOULD NOT" any longer publish SHA1 checksums for new releases, according to https://www.apache.org/dev/release-distribution#sigs-and-sums
So I have done this: * remove references to SHA1 from the documentation -- http://svn.apache.org/r1837935 * stop producing *.sha1 files and stop listing SHA1 on the 'downloads' page -- http://svn.apache.org/r1837939 * remove SHA1 listings from the 'downloads' web page for current releases -- http://svn.apache.org/r1837938 Thanks to Paul Hammant for mentioning this policy to me. -- - Julian
