[
https://issues.apache.org/jira/browse/MPOM-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17275264#comment-17275264
]
Konrad Windszus commented on MPOM-244:
--------------------------------------
In the past the Maven generated SHA1 checksum have been used by a lot of ASF
projects as checksum which was pushed to dist once finalizing a release. Now
that ASF has the requirement for SHA512 in dist this is on longer possible, but
as I said, generating the SHA512 checksums with checksum-maven-plugin, attach
them as 2nd artifacts and deploy them to the staging repo allows to use the
same approach.
That allows also to easily verify a release from just the contents of the stage
repository....
> Upload SHA-512 to Staging Repository
> ------------------------------------
>
> Key: MPOM-244
> URL: https://issues.apache.org/jira/browse/MPOM-244
> Project: Maven POMs
> Issue Type: Improvement
> Components: asf
> Affects Versions: ASF-23
> Reporter: Konrad Windszus
> Priority: Major
>
> As now the ASF staging repository supports SHA2 hashes
> (https://issues.apache.org/jira/browse/INFRA-14923) they should be generated
> for
> - all attached artifacts and
> - deployed to the Staging repository (i.e. attached to build as well)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
