> On Mar 5, 2018, at 2:18 PM, Gilles <gil...@harfang.homelinux.org> wrote: > > On Mon, 5 Mar 2018 11:35:27 -0500, Rob Tompkins wrote: >> The plugin only finds the assemblies, and the .asc files. We’ve been >> using the created signatures from nexus. So, I actually am creating >> the same signature files in the plugin. So, we have some leeway in >> deciding what sorts of signatures we want to upload to the “dist” svn >> repo. > > For this, we should (IIUC): > * not use MD5 > * use SHA-512
Should not use, to me, means that we, in our next release, will want to get rid of MD5 and use SHA-512. > > Does the plugin create those checksum files for the "full dist" > archive files for a multi-module maven project? > > Gilles > >> [...] >>>>> >>>>> Old policy : >>>>> >>>>> -- MUST provide a MD5-file >>>>> -- SHOULD provide a SHA-file [SHA-512 recommended] >>>>> >>>>> New policy : >>>>> >>>>> -- MUST provide a SHA- or MD5-file >>>>> -- SHOULD provide a SHA-file >>>>> -- SHOULD NOT provide a MD5-file >>>>> >>>>> [...] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
