Re: eliminating MD5 and SHA1 signatures

2020-01-23 Thread Cédric Champeau
Fwiw if you use Gradle 6+ it publishes sha256 and sha512 by default. Le ven. 17 janv. 2020 à 21:51, leerho a écrit : > When I deploy to repository.apache.org > in addition to the .asc > signatures, either the Maven deploy plugin or the repository always

Re: eliminating MD5 and SHA1 signatures

2020-01-23 Thread Ted Dunning
This is great. Any chance to contribute this plugin to maven? On Thu, Jan 23, 2020 at 12:30 PM Juan Pablo Santos Rodríguez < juanpablo.san...@gmail.com> wrote: > Hi, > > somewhat related to the question, and just in case anyone is interested, > maven can be configured to generate the > .asc

Re: eliminating MD5 and SHA1 signatures

2020-01-23 Thread Juan Pablo Santos Rodríguez
Hi, somewhat related to the question, and just in case anyone is interested, maven can be configured to generate the .asc and .sha512 files for all the build artifacts. At JSPWiki, we overwrite the checksum maven plugin configuration from the ASF parent pom to do this [#1]. When copying the

Re: eliminating MD5 and SHA1 signatures

2020-01-23 Thread Bertrand Delacretaz
On Fri, Jan 17, 2020 at 9:51 PM leerho wrote: > ...either the Maven deploy plugin or the repository always adds > MD5 and SHA1 signatures as well... FWIW, we'd like to stop using MD5 but I don't think we're there yet, the following URLs have more info:

Re: eliminating MD5 and SHA1 signatures

2020-01-22 Thread leerho
Thank you for a very clear answer! On Wed, Jan 22, 2020 at 11:57 AM Christopher wrote: > No. These are generated as part of Maven, and are described as part of > the Maven2 repository layout[1]. They are (optionally) used by the > artifact resolver in the Maven client to validate artifacts when

Re: eliminating MD5 and SHA1 signatures

2020-01-22 Thread Christopher
No. These are generated as part of Maven, and are described as part of the Maven2 repository layout[1]. They are (optionally) used by the artifact resolver in the Maven client to validate artifacts when they are retrieved from a server using the Maven2 repository layout. It's possible that the

eliminating MD5 and SHA1 signatures

2020-01-17 Thread leerho
When I deploy to repository.apache.org in addition to the .asc signatures, either the Maven deploy plugin or the repository always adds MD5 and SHA1 signatures as well. Is there a configuration somewhere that will eliminate these being added? Lee.