ted by maven-resolver, which supports SHA-512 since
>> version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ).
>> If I remember correctly maven-resolver 1.5+ is included since Maven 3.8.1.
>> So you would have to update your Maven to 3.8.1 and `
>> -Daeth
Thank you, for the generous response.
The file hashes are created by maven-resolver, which supports SHA-512 since
> version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ).
> If I remember correctly maven-resolver 1.5+ is included since Maven 3.8.1.
> So you would have to up
Am 2021-05-26 um 09:14 schrieb Janardhan:
Hi Maven team,
TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks.
This is not signing, this is just a checksum for transport bitrot.
If you need SHA-2 hashes use Resolver's new property
Hi Janardhan,
The maven-gpg-plugin is only responsible for creating the "asc" files which
contain the PGP signature.
The file hashes are created by maven-resolver, which supports SHA-512 since
version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ).
If I remember corre
Hi Maven team,
TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks.
1. We are trying to sign Apache SystemDS[0] release artifacts with
gpg-plugin,
we are only receiving the `.md5` and `.sha1` without the
`-Daether.checksums.algorithms=SHA-512` flag as per [1][4].
2
Oleg Gusakov wrote:
fyi:
- maven password encryption uses SHA-256 and switching to SHA-512
could be done using optional encrypted string attributes to ensure
decryption of the existing passwords. SHA-256 is already SHA2 family
and has not been cracked yet, so we can wait. Main question
Brian Fox wrote:
Oleg Gusakov wrote:
fyi:
- maven password encryption uses SHA-256 and switching to SHA-512
could be done using optional encrypted string attributes to ensure
decryption of the existing passwords. SHA-256 is already SHA2 family
and has not been cracked yet, so we can
just a heads up that maven may need to switch from SHA1 to SHA512 (or
higher). not sure how difficult that will be.
- robert
-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail:
For artifact checksums? They are not a security measure, so I don't
think increasing their length is of benefit.
Having read the same mail I'm guessing you did, it made me reflect and
we probably should have kept using md5 for efficiency TBH.
Cheers,
Brett
On 06/05/2009, at 4:11 PM,
On Wed, May 6, 2009 at 7:27 AM, Brett Porter br...@apache.org wrote:
For artifact checksums? They are not a security measure, so I don't think
increasing their length is of benefit.
Having read the same mail I'm guessing you did, it made me reflect and we
probably should have kept using md5
fyi:
- maven password encryption uses SHA-256 and switching to SHA-512 could
be done using optional encrypted string attributes to ensure decryption
of the existing passwords. SHA-256 is already SHA2 family and has not
been cracked yet, so we can wait. Main question was availability of
SHA
11 matches
Mail list logo
