[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599950#comment-16599950 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-indexer » master #16 See https://builds.apache.org/job/maven-box/job/maven-indexer/job/master/16/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599949#comment-16599949 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-indexer » master #16 See https://builds.apache.org/job/maven-box/job/maven-indexer/job/master/16/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599946#comment-16599946 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-war-plugin » master #43 See https://builds.apache.org/job/maven-box/job/maven-war-plugin/job/master/43/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599945#comment-16599945 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-war-plugin » master #43 See https://builds.apache.org/job/maven-box/job/maven-war-plugin/job/master/43/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599943#comment-16599943 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-verifier-plugin » master #29 See https://builds.apache.org/job/maven-box/job/maven-verifier-plugin/job/master/29/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599944#comment-16599944 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-verifier-plugin » master #29 See https://builds.apache.org/job/maven-box/job/maven-verifier-plugin/job/master/29/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599941#comment-16599941 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-toolchains-plugin » master #22 See https://builds.apache.org/job/maven-box/job/maven-toolchains-plugin/job/master/22/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599942#comment-16599942 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-toolchains-plugin » master #22 See https://builds.apache.org/job/maven-box/job/maven-toolchains-plugin/job/master/22/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599940#comment-16599940 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-stage-plugin » master #15 See https://builds.apache.org/job/maven-box/job/maven-stage-plugin/job/master/15/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599939#comment-16599939 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-stage-plugin » master #15 See https://builds.apache.org/job/maven-box/job/maven-stage-plugin/job/master/15/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SUREFIRE-1563) NoClassDefFoundError for JPMS modules with "require static"
[
https://issues.apache.org/jira/browse/SUREFIRE-1563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599938#comment-16599938
]
Christian Stein commented on SUREFIRE-1563:
---
{quote}...modulepath should be about clear separation. That's why now isolation
even more important to me.
{quote}
I totally agree.
Your idea of having a separate and dedicated "class-info.java" file that
controls the extra Java options needed at test runtime to make modular testing
work is good. To exclude it by default from compilation it should not end with
".java", though. Perhaps "module-info.test"?
> NoClassDefFoundError for JPMS modules with "require static"
> ---
>
> Key: SUREFIRE-1563
> URL: https://issues.apache.org/jira/browse/SUREFIRE-1563
> Project: Maven Surefire
> Issue Type: Bug
> Components: Maven Surefire Plugin
>Affects Versions: 2.22.0
>Reporter: Simone Bordet
>Priority: Major
> Attachments: maven-jpms.tgz
>
>
> When a Maven module has a {{module-info.java}} that contains a {{requires
> static}}, Surefire throws {{NoClassDefFoundError}} when running the tests for
> that Maven module.
> If the dependency is declared only as {{required}} (no {{static}}), then the
> tests run fine.
> Attached a reproducible project.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599936#comment-16599936 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-source-plugin » master #28 See https://builds.apache.org/job/maven-box/job/maven-source-plugin/job/master/28/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599937#comment-16599937 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-source-plugin » master #28 See https://builds.apache.org/job/maven-box/job/maven-source-plugin/job/master/28/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNG-5666) Divide lifecycle in prePhases, phases and postPhases
[
https://issues.apache.org/jira/browse/MNG-5666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599935#comment-16599935
]
Hudson commented on MNG-5666:
-
Build succeeded in Jenkins: Maven TLP » maven » MNG-5666 #3
See https://builds.apache.org/job/maven-box/job/maven/job/MNG-5666/3/
> Divide lifecycle in prePhases, phases and postPhases
>
>
> Key: MNG-5666
> URL: https://issues.apache.org/jira/browse/MNG-5666
> Project: Maven
> Issue Type: Sub-task
> Components: FDPFC, Plugins and Lifecycle
>Reporter: Robert Scholte
>Assignee: Jason van Zyl
>Priority: Major
> Fix For: 3.x / Backlog
>
>
> Original proposal
> {quote}
> PROPOSAL 1: PerProject and PerPhase Executions
>
> I've recently introduced the installAtEnd/deployAtEnd as an experimental
> feature which should improve the behavior of Maven without having to wait for
> the implementation in Maven Core, which would have a huge impact.
> The reason is that you only want to install and/or deploy only after all
> modules have been build and verified successfully.
> This feature works for most projects, however there are cases which cannot be
> solved by the plugin solution and require a change in the handling of
> lifecycles in Maven Core.
> Up unto the verify-phase you want to execute all phases per project, whereas
> the install and deploy should be executed per phase.
> Consider a root project with 2 modules, these should be executed like this
>
> root : validate ... verify
> module1: validate ... verify
> module2: validate ... verify
> root : install
> module1: install
> module2: install
> root : deploy
> module1: deploy
> module2: deploy
> {quote}
> After one of the google hangout session we came up with the following idea:
> divide the build in pre-build, build and post-build
> First the {{pre-build}} would do a validate of the whole project.
> The {{build}} runs from {{initialize}} up to {{verify}}
> The {{post-build}} would handle the distribution, being {{install}}/{{deploy}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599932#comment-16599932 ] Hudson commented on MPOM-205: - Build failed in Jenkins: Maven TLP » maven-site-plugin » master #52 See https://builds.apache.org/job/maven-box/job/maven-site-plugin/job/master/52/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599931#comment-16599931 ] Hudson commented on MNGSITE-341: Build failed in Jenkins: Maven TLP » maven-site-plugin » master #52 See https://builds.apache.org/job/maven-box/job/maven-site-plugin/job/master/52/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599928#comment-16599928 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-archetype » master #21 See https://builds.apache.org/job/maven-box/job/maven-archetype/job/master/21/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599929#comment-16599929 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-archetype » master #21 See https://builds.apache.org/job/maven-box/job/maven-archetype/job/master/21/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599927#comment-16599927 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-shade-plugin » master #39 See https://builds.apache.org/job/maven-box/job/maven-shade-plugin/job/master/39/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599926#comment-16599926 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-shade-plugin » master #39 See https://builds.apache.org/job/maven-box/job/maven-shade-plugin/job/master/39/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599921#comment-16599921 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-scm-publish-plugin » master #27 See https://builds.apache.org/job/maven-box/job/maven-scm-publish-plugin/job/master/27/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599922#comment-16599922 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-scm-publish-plugin » master #27 See https://builds.apache.org/job/maven-box/job/maven-scm-publish-plugin/job/master/27/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599920#comment-16599920 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-resources-plugin » master #30 See https://builds.apache.org/job/maven-box/job/maven-resources-plugin/job/master/30/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599919#comment-16599919 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-resources-plugin » master #30 See https://builds.apache.org/job/maven-box/job/maven-resources-plugin/job/master/30/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599915#comment-16599915 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-repository-plugin » master #17 See https://builds.apache.org/job/maven-box/job/maven-repository-plugin/job/master/17/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599914#comment-16599914 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-repository-plugin » master #17 See https://builds.apache.org/job/maven-box/job/maven-repository-plugin/job/master/17/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599910#comment-16599910 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-remote-resources-plugin » master #23 See https://builds.apache.org/job/maven-box/job/maven-remote-resources-plugin/job/master/23/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599909#comment-16599909 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-remote-resources-plugin » master #23 See https://builds.apache.org/job/maven-box/job/maven-remote-resources-plugin/job/master/23/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599900#comment-16599900 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-rar-plugin » master #25 See https://builds.apache.org/job/maven-box/job/maven-rar-plugin/job/master/25/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599901#comment-16599901 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-rar-plugin » master #25 See https://builds.apache.org/job/maven-box/job/maven-rar-plugin/job/master/25/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599899#comment-16599899 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-project-info-reports-plugin » master #34 See https://builds.apache.org/job/maven-box/job/maven-project-info-reports-plugin/job/master/34/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599898#comment-16599898 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-project-info-reports-plugin » master #34 See https://builds.apache.org/job/maven-box/job/maven-project-info-reports-plugin/job/master/34/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599895#comment-16599895 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-pmd-plugin » master #51 See https://builds.apache.org/job/maven-box/job/maven-pmd-plugin/job/master/51/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599893#comment-16599893 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-pmd-plugin » master #51 See https://builds.apache.org/job/maven-box/job/maven-pmd-plugin/job/master/51/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599890#comment-16599890 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-pdf-plugin » master #32 See https://builds.apache.org/job/maven-box/job/maven-pdf-plugin/job/master/32/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599889#comment-16599889 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-pdf-plugin » master #32 See https://builds.apache.org/job/maven-box/job/maven-pdf-plugin/job/master/32/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599887#comment-16599887 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-patch-plugin » master #14 See https://builds.apache.org/job/maven-box/job/maven-patch-plugin/job/master/14/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599888#comment-16599888 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-patch-plugin » master #14 See https://builds.apache.org/job/maven-box/job/maven-patch-plugin/job/master/14/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599883#comment-16599883 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-linkcheck-plugin » master #20 See https://builds.apache.org/job/maven-box/job/maven-linkcheck-plugin/job/master/20/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599882#comment-16599882 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-linkcheck-plugin » master #20 See https://builds.apache.org/job/maven-box/job/maven-linkcheck-plugin/job/master/20/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599881#comment-16599881 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-jmod-plugin » master #20 See https://builds.apache.org/job/maven-box/job/maven-jmod-plugin/job/master/20/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599880#comment-16599880 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-jmod-plugin » master #20 See https://builds.apache.org/job/maven-box/job/maven-jmod-plugin/job/master/20/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599878#comment-16599878 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-jlink-plugin » master #28 See https://builds.apache.org/job/maven-box/job/maven-jlink-plugin/job/master/28/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599877#comment-16599877 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-jlink-plugin » master #28 See https://builds.apache.org/job/maven-box/job/maven-jlink-plugin/job/master/28/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599874#comment-16599874 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-jdeps-plugin » master #39 See https://builds.apache.org/job/maven-box/job/maven-jdeps-plugin/job/master/39/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599875#comment-16599875 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-jdeps-plugin » master #39 See https://builds.apache.org/job/maven-box/job/maven-jdeps-plugin/job/master/39/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599873#comment-16599873 ] Hudson commented on MPOM-205: - Build failed in Jenkins: Maven TLP » maven-javadoc-plugin » master #61 See https://builds.apache.org/job/maven-box/job/maven-javadoc-plugin/job/master/61/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599872#comment-16599872 ] Hudson commented on MNGSITE-341: Build failed in Jenkins: Maven TLP » maven-javadoc-plugin » master #61 See https://builds.apache.org/job/maven-box/job/maven-javadoc-plugin/job/master/61/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599870#comment-16599870 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-jdeprscan-plugin » master #15 See https://builds.apache.org/job/maven-box/job/maven-jdeprscan-plugin/job/master/15/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599871#comment-16599871 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-jdeprscan-plugin » master #15 See https://builds.apache.org/job/maven-box/job/maven-jdeprscan-plugin/job/master/15/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599869#comment-16599869 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-invoker-plugin » master #39 See https://builds.apache.org/job/maven-box/job/maven-invoker-plugin/job/master/39/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599868#comment-16599868 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-invoker-plugin » master #39 See https://builds.apache.org/job/maven-box/job/maven-invoker-plugin/job/master/39/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599867#comment-16599867 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-jarsigner-plugin » master #15 See https://builds.apache.org/job/maven-box/job/maven-jarsigner-plugin/job/master/15/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599866#comment-16599866 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-jarsigner-plugin » master #15 See https://builds.apache.org/job/maven-box/job/maven-jarsigner-plugin/job/master/15/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599864#comment-16599864 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-jar-plugin » master #33 See https://builds.apache.org/job/maven-box/job/maven-jar-plugin/job/master/33/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599865#comment-16599865 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-jar-plugin » master #33 See https://builds.apache.org/job/maven-box/job/maven-jar-plugin/job/master/33/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-197) Remove deprecated plexus-maven-plugin from pluginManagement
[
https://issues.apache.org/jira/browse/MPOM-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599863#comment-16599863
]
Hudson commented on MPOM-197:
-
Build succeeded in Jenkins: Maven TLP » maven-parent » master #102
See https://builds.apache.org/job/maven-box/job/maven-parent/job/master/102/
> Remove deprecated plexus-maven-plugin from pluginManagement
> ---
>
> Key: MPOM-197
> URL: https://issues.apache.org/jira/browse/MPOM-197
> Project: Maven POMs
> Issue Type: Wish
> Components: maven
>Affects Versions: MAVEN-32
>Reporter: Sylwester Lachiewicz
>Assignee: Hervé Boutemy
>Priority: Minor
> Fix For: MAVEN-33
>
>
> Remove the deprecated
> [{{plexus-maven-plugin}}|https://codehaus-plexus.github.io/plexus-maven-plugin/],
> which only supports Plexus Javadoc Tags, letting only its successor:
> [{{plexus-component-metadata}}|https://codehaus-plexus.github.io/plexus-containers/plexus-component-metadata/],
> which support both Plexus Javadoc Tags and Plexus Java Annotations,
>
> Remove plugin from dependencies so other projects should also modify
> configuration and try also to migrate to Java Annotation from Javadoc Tags.
> More information how to upgrade: [Maven Developer Cook Book - upgrade
> information|https://maven.apache.org/plugin-developers/cookbook/plexus-plugin-upgrade.html]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599857#comment-16599857 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-install-plugin » master #22 See https://builds.apache.org/job/maven-box/job/maven-install-plugin/job/master/22/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599856#comment-16599856 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-install-plugin » master #22 See https://builds.apache.org/job/maven-box/job/maven-install-plugin/job/master/22/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599855#comment-16599855 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-help-plugin » master #48 See https://builds.apache.org/job/maven-box/job/maven-help-plugin/job/master/48/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599854#comment-16599854 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-help-plugin » master #48 See https://builds.apache.org/job/maven-box/job/maven-help-plugin/job/master/48/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599851#comment-16599851 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-gpg-plugin » master #19 See https://builds.apache.org/job/maven-box/job/maven-gpg-plugin/job/master/19/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599850#comment-16599850 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-gpg-plugin » master #19 See https://builds.apache.org/job/maven-box/job/maven-gpg-plugin/job/master/19/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599848#comment-16599848 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-jxr » master #34 See https://builds.apache.org/job/maven-box/job/maven-jxr/job/master/34/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599847#comment-16599847 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-jxr » master #34 See https://builds.apache.org/job/maven-box/job/maven-jxr/job/master/34/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599845#comment-16599845 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-ear-plugin » master #46 See https://builds.apache.org/job/maven-box/job/maven-ear-plugin/job/master/46/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599844#comment-16599844 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-ejb-plugin » master #29 See https://builds.apache.org/job/maven-box/job/maven-ejb-plugin/job/master/29/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599843#comment-16599843 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-ejb-plugin » master #29 See https://builds.apache.org/job/maven-box/job/maven-ejb-plugin/job/master/29/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599842#comment-16599842 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-docck-plugin » master #16 See https://builds.apache.org/job/maven-box/job/maven-docck-plugin/job/master/16/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599841#comment-16599841 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-docck-plugin » master #16 See https://builds.apache.org/job/maven-box/job/maven-docck-plugin/job/master/16/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599838#comment-16599838 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-dependency-plugin » master #37 See https://builds.apache.org/job/maven-box/job/maven-dependency-plugin/job/master/37/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599839#comment-16599839 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-dependency-plugin » master #37 See https://builds.apache.org/job/maven-box/job/maven-dependency-plugin/job/master/37/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599837#comment-16599837 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-doap-plugin » master #33 See https://builds.apache.org/job/maven-box/job/maven-doap-plugin/job/master/33/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599836#comment-16599836 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-doap-plugin » master #33 See https://builds.apache.org/job/maven-box/job/maven-doap-plugin/job/master/33/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599833#comment-16599833 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-deploy-plugin » master #26 See https://builds.apache.org/job/maven-box/job/maven-deploy-plugin/job/master/26/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599832#comment-16599832 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-deploy-plugin » master #26 See https://builds.apache.org/job/maven-box/job/maven-deploy-plugin/job/master/26/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (MCOMPILER-359) plexus-java 0.9.10 causes a NullPointer in compiler-plugin 3.8.0
[
https://issues.apache.org/jira/browse/MCOMPILER-359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599830#comment-16599830
]
Marvin edited comment on MCOMPILER-359 at 9/1/18 11:01 PM:
---
See attached, The build succeeds if you remove module-info.java. The opinion
from plexus dev is that they are not responsible for handling anything other
than jar files and it is the responsibility of the compiler plugin to send only
appropriate files or to manage the exceptions, I responded that they should not
be throwing a zip-related error if the file is not a zip.
was (Author: wolfthal):
See attached, The build succeeds if you remove module-info.java. The opinion
from plexus dev is that they are not responsible for handling anything other
than jar files and it the the responsibility of the compiler plugin to send
only appropriate files or to manage the exceptions, I responded that they
should not be throwing a zip-related error if the file is not a zip.
> plexus-java 0.9.10 causes a NullPointer in compiler-plugin 3.8.0
>
>
> Key: MCOMPILER-359
> URL: https://issues.apache.org/jira/browse/MCOMPILER-359
> Project: Maven Compiler Plugin
> Issue Type: Bug
>Affects Versions: 3.8.0
> Environment: Windows 7
> JDK 10.0.2
> Maven 3.5.4
>Reporter: Marvin
>Priority: Major
> Attachments: plugintest.zip
>
>
> If {{}} contains a {{pom}} or {{war}}
> this call:
> {{moduleDescriptor = binaryParser.getModuleDescriptor( path );}}
> throws an {{IOException}}:
> {{zip END header not found}}
> because the file is being treated as a jar file.
> When the call returns to {{CompilerMojo.preparePaths()}} this call returns
> {{null}}:
> {{Throwable cause = pathException.getValue().getCause();}}
> and the next line throws a {{NullPointerException}}:
> {{while ( cause.getCause() != null )}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (MCOMPILER-359) plexus-java 0.9.10 causes a NullPointer in compiler-plugin 3.8.0
[
https://issues.apache.org/jira/browse/MCOMPILER-359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599830#comment-16599830
]
Marvin commented on MCOMPILER-359:
--
See attached, The build succeeds if you remove module-info.java. The opinion
from plexus dev is that they are not responsible for handling anything other
than jar files and it the the responsibility of the compiler plugin to send
only appropriate files or to manage the exceptions, I responded that they
should not be throwing a zip-related error if the file is not a zip.
> plexus-java 0.9.10 causes a NullPointer in compiler-plugin 3.8.0
>
>
> Key: MCOMPILER-359
> URL: https://issues.apache.org/jira/browse/MCOMPILER-359
> Project: Maven Compiler Plugin
> Issue Type: Bug
>Affects Versions: 3.8.0
> Environment: Windows 7
> JDK 10.0.2
> Maven 3.5.4
>Reporter: Marvin
>Priority: Major
> Attachments: plugintest.zip
>
>
> If {{}} contains a {{pom}} or {{war}}
> this call:
> {{moduleDescriptor = binaryParser.getModuleDescriptor( path );}}
> throws an {{IOException}}:
> {{zip END header not found}}
> because the file is being treated as a jar file.
> When the call returns to {{CompilerMojo.preparePaths()}} this call returns
> {{null}}:
> {{Throwable cause = pathException.getValue().getCause();}}
> and the next line throws a {{NullPointerException}}:
> {{while ( cause.getCause() != null )}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (MCOMPILER-359) plexus-java 0.9.10 causes a NullPointer in compiler-plugin 3.8.0
[
https://issues.apache.org/jira/browse/MCOMPILER-359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marvin updated MCOMPILER-359:
-
Attachment: plugintest.zip
> plexus-java 0.9.10 causes a NullPointer in compiler-plugin 3.8.0
>
>
> Key: MCOMPILER-359
> URL: https://issues.apache.org/jira/browse/MCOMPILER-359
> Project: Maven Compiler Plugin
> Issue Type: Bug
>Affects Versions: 3.8.0
> Environment: Windows 7
> JDK 10.0.2
> Maven 3.5.4
>Reporter: Marvin
>Priority: Major
> Attachments: plugintest.zip
>
>
> If {{}} contains a {{pom}} or {{war}}
> this call:
> {{moduleDescriptor = binaryParser.getModuleDescriptor( path );}}
> throws an {{IOException}}:
> {{zip END header not found}}
> because the file is being treated as a jar file.
> When the call returns to {{CompilerMojo.preparePaths()}} this call returns
> {{null}}:
> {{Throwable cause = pathException.getValue().getCause();}}
> and the next line throws a {{NullPointerException}}:
> {{while ( cause.getCause() != null )}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599826#comment-16599826 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-compiler-plugin » master #70 See https://builds.apache.org/job/maven-box/job/maven-compiler-plugin/job/master/70/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599825#comment-16599825 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-compiler-plugin » master #70 See https://builds.apache.org/job/maven-box/job/maven-compiler-plugin/job/master/70/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599820#comment-16599820 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-clean-plugin » master #36 See https://builds.apache.org/job/maven-box/job/maven-clean-plugin/job/master/36/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599819#comment-16599819 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-clean-plugin » master #36 See https://builds.apache.org/job/maven-box/job/maven-clean-plugin/job/master/36/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599817#comment-16599817 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-checkstyle-plugin » master #34 See https://builds.apache.org/job/maven-box/job/maven-checkstyle-plugin/job/master/34/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599816#comment-16599816 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-checkstyle-plugin » master #34 See https://builds.apache.org/job/maven-box/job/maven-checkstyle-plugin/job/master/34/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599814#comment-16599814 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-changes-plugin » master #20 See https://builds.apache.org/job/maven-box/job/maven-changes-plugin/job/master/20/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599813#comment-16599813 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-changes-plugin » master #20 See https://builds.apache.org/job/maven-box/job/maven-changes-plugin/job/master/20/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599812#comment-16599812 ] Hudson commented on MPOM-205: - Build unstable in Jenkins: Maven TLP » maven-assembly-plugin » master #22 See https://builds.apache.org/job/maven-box/job/maven-assembly-plugin/job/master/22/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599811#comment-16599811 ] Hudson commented on MNGSITE-341: Build unstable in Jenkins: Maven TLP » maven-assembly-plugin » master #22 See https://builds.apache.org/job/maven-box/job/maven-assembly-plugin/job/master/22/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599808#comment-16599808 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-changelog-plugin » master #16 See https://builds.apache.org/job/maven-box/job/maven-changelog-plugin/job/master/16/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599807#comment-16599807 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-changelog-plugin » master #16 See https://builds.apache.org/job/maven-box/job/maven-changelog-plugin/job/master/16/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599803#comment-16599803 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-antrun-plugin » master #24 See https://builds.apache.org/job/maven-box/job/maven-antrun-plugin/job/master/24/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599802#comment-16599802 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-antrun-plugin » master #24 See https://builds.apache.org/job/maven-box/job/maven-antrun-plugin/job/master/24/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599798#comment-16599798 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-ant-plugin » master #14 See https://builds.apache.org/job/maven-box/job/maven-ant-plugin/job/master/14/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599799#comment-16599799 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-ant-plugin » master #14 See https://builds.apache.org/job/maven-box/job/maven-ant-plugin/job/master/14/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599794#comment-16599794 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-acr-plugin » master #27 See https://builds.apache.org/job/maven-box/job/maven-acr-plugin/job/master/27/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599795#comment-16599795 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-acr-plugin » master #27 See https://builds.apache.org/job/maven-box/job/maven-acr-plugin/job/master/27/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599791#comment-16599791 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-verifier » master #21 See https://builds.apache.org/job/maven-box/job/maven-verifier/job/master/21/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599789#comment-16599789 ] Hudson commented on MPOM-205: - Build succeeded in Jenkins: Maven TLP » maven-shared-utils » master #26 See https://builds.apache.org/job/maven-box/job/maven-shared-utils/job/master/26/ > create SHA-512 checksum for source-release archive(s) in > target/checkout/target/ during release > --- > > Key: MPOM-205 > URL: https://issues.apache.org/jira/browse/MPOM-205 > Project: Maven POMs > Issue Type: New Feature > Components: asf >Affects Versions: ASF-20 >Reporter: Hervé Boutemy >Assignee: Hervé Boutemy >Priority: Major > Fix For: ASF-21 > > > currently, during Apache release, checksums are not created in target/ > directory: checksums are created on the fly during deploy to the Maven > repository (for absolutely every artifact, be it "normal" artifacts or source > release) > while source release archive and its signature are available in target/ (or > target/checkout/target during release with Maven Release Plugin), checksums > are not there: this gives people the bad habit to download everything (not > only checksums) from Apache Nexus repository after deploy to copy to Apache > /dist/ > it would be useful to have the checksums for source release available in > target/ (then in target/checkout/target during release) > this would also prepare having new Apache checksums requirements for Apache > mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums > sha256 and sha512 are not used for Maven repositories, but they are required > for Apache source release distribution > Notice: .sha256 and .sha512 files are not only not supported for Maven > repositories, but even not supported: they are considered as artifacts, not > checksums, then require md5 and sha1 checksum files and .asc detached > signature... > Then the .sha512 file is not to be deployed to the Maven repository, only > Apache /dist/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MNGSITE-341) Download pages must use HTTPS for sigs, hashes, KEYS
[ https://issues.apache.org/jira/browse/MNGSITE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16599788#comment-16599788 ] Hudson commented on MNGSITE-341: Build succeeded in Jenkins: Maven TLP » maven-shared-utils » master #26 See https://builds.apache.org/job/maven-box/job/maven-shared-utils/job/master/26/ > Download pages must use HTTPS for sigs, hashes, KEYS > > > Key: MNGSITE-341 > URL: https://issues.apache.org/jira/browse/MNGSITE-341 > Project: Maven Project Web Site > Issue Type: Bug >Reporter: Sebb >Assignee: Hervé Boutemy >Priority: Major > > The download page is generally fine. > However the links to the KEYS, sigs (PGP) and hashes use http; they should > use https. > http://www.apache.org/dev/release-publishing.html#distribution_dist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
