Le 31/03/2018 à 22:42, Daniel Dekany a écrit :
We are talking about two different things. The material linked by
Jacopo talks about the checksums used on dist.apache.org (like
https://dist.apache.org/repos/dist/dev/freemarker/engine/2.3.28/source/),
not about the Maven repositories.
Also, as far as I see, everybody only has md5 and sha1 in the Maven
repositories. It's generated by Maven itself. I guess that isn't
supposed to protect against fraud...
Ho right, I confused the 2 things. I see the right thing now at
https://dist.apache.org/repos/dist/dev/freemarker/engine/2.3.28/binaries/apache-freemarker-2.3.28-bin.tar.gz.sha512
Sorry for the noise
Jacques
