[X] -1 Not OK to release, because ...
Some SHA512 files are not immediately checkable because they contain a file
name without a version, e.g.:
06a881636330fbbabe104a57b1ca3140568fb2a843bb235a7f24d75be4d0f6ce85690e1c62160b9da3216334cd0324358827fe315c090dd8f58e4109e1156a7e
uima-core.jar
While the checksum is correct as verified using the following script, it is
quite annoying still:
**checkHashes.sh**
```
tmp="$(mktemp /tmp/tmp.XXXXXXXXXX)"
md5hash=`cat $1.md5`
sha1hash=`cat $1.sha1`
sha512hash=`cat $1.sha512 | cut -d ' ' -f1`
echo "$sha512hash $1" > "$tmp"
printf "SHA512 "
sha512sum -c "$tmp"
echo "$sha1hash $1" > "$tmp"
printf "SHA1 "
sha1sum -c "$tmp"
echo "$md5hash $1" > "$tmp"
printf "MD5 "
md5sum -c "$tmp"
rm "$tmp"
```
and
```
find . -not '(' -name '*.md5' -or -name '*.sha*' -or -name '*.asc' -or -name
'maven-metadata.xml' -or -name 'DEPENDENCIES' -or -name 'LICENSE' -or -name
'NOTICE' ')' -type f -print0 | xargs -I '{}' -0 -n1 -S 2000 ./checkHashes.sh
'{}'
```
Comparing the source release ZIP against the git tag yields some unexpected
differences. Particularly wrong seems a dylib which somehow made it into the
sources ZIP:
Only in uimaj-3.4.0: jffi14000777600909392479.dylib
Cheers,
-- Richard
