michael-o commented on pull request #631: URL: https://github.com/apache/maven/pull/631#issuecomment-986731531
What I absolutely dislke that terms like hash and checksums are used interchangeably, but they are *not*. They serve different purposes. Please completely clarify in the code *and* documentation what you actually need. Read https://security.stackexchange.com/a/194602 Maven for example does *not* require any hashes for artifact download, all we need are checksums to avoid bitrot. That's it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
