[ 
https://issues.apache.org/jira/browse/MINSTALL-138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16573634#comment-16573634
 ] 

Hervé Boutemy commented on MINSTALL-138:
----------------------------------------

I'm not convinced install or deploy are the right place to create checksums 
required by Apache (source) release distribution policy 
http://www.apache.org/dev/release-distribution

Maven repository checksums are applied to every file deployed, in general .pom, 
.jar, -sources.jar and -javadoc.jar (see 
https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.5.4/ for 
example).
Apache source release distribution checksum is only for -source-release.zip.

Now that MPOM-205 works, I'm convinced that creating new checksums for Apache 
release distribution policy at Maven repository level is not the right approach.

If we want the source release zip sha-512 checksum, we can attach the artifact 
specifically for this source-release zip.

But adding sha-512 checksums for absolutely every file in the Maven repository 
is just overkill IMHO.

> option to calculate more checksum such sha-256 sha-512
> ------------------------------------------------------
>
>                 Key: MINSTALL-138
>                 URL: https://issues.apache.org/jira/browse/MINSTALL-138
>             Project: Maven Install Plugin
>          Issue Type: New Feature
>          Components: install:install, install:install-file
>    Affects Versions: 2.5.2
>            Reporter: Olivier Lamy (*$^¨%`£)
>            Assignee: Olivier Lamy (*$^¨%`£)
>            Priority: Major
>
> Currently install generates only sha-1; we should be able to generate sha-256 
> and sha-512 as well.
> NOTE: sha-512 will be required by Apache policy.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
