On 2018-08-07 at 22:50, herve.bout...@free.fr wrote:
Hi,
Recently, Apache distribution policy changed regarding checksums [1]: now,
SHA-256 or SHA-512 checksums are required.
This led to discussion about changing checksums used on Maven repository
and/or Apache Nexus repository.
But Maven repository requirements and Apache source distribution requirements
are completely independent: why tie them?
I just implemented SHA-256 and SHA-512 checksums tracked through MPOM-205 [2]:
1. only for Apache source release files
2. only in local build, available in target/ directory (nothing related to
Maven repository nor deploy)
See the related Git branch [3]
Anything to add before I merge this branch to master?
And eventually launch Apache parent POM 21 release quite soon...
Please squash.
It is a pity to see that none of our plugins can produce the checksums.
While the requirement says at least one checksum, do you see any huge
benefit having SHA512 over 256? I see none.
Michael