It seems we cannot avoid md5 and sha1 in the nexus repository.

All repositories have md5 and sha1 and maven-release-plugin is not
uploading md5 and sha1.
https://repository.apache.org/content/repositories/orgapachemesos-1232/org/apache/mesos/mesos/1.7.0/
https://repository.apache.org/content/repositories/orgapachehadoop-1166/org/apache/hadoop/hadoop-common/2.9.2/

In the distribution repos, I'll provide only sha512.

BTW, most ASF TLP projects are still using the not-recommended (but
accepted) md5 or sha1.
https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-7.3.0-RC1-reveb8a5a882f879a51389b5d43f74f3aceac9e68c9/lucene/
https://dist.apache.org/repos/dist/dev/hadoop/3.0.3-RC0/

Makoto
On Thu, Nov 15, 2018 at 18:51, Makoto Yui <m...@apache.org> wrote:
>
> Removed md5 and replaced sha1 with sha512 following new ASF policy.
>
> https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.2-incubating-rc1/
>
> Updated verification guide as well to use sha512.
> https://hivemall.incubator.apache.org/verify_artifacts.html
>
> So, please cast your vote.
>
> Thanks,
> Makoto
> On Thu, Nov 15, 2018 at 17:55, Makoto Yui <yuin...@gmail.com> wrote:
> >
> > Oh, I remembered that I discussed the policy change in the past
> > https://markmail.org/thread/tbrxutjv4mhuvpyb
> >
> > MUST supply a valid OpenPGP-compatible ASCII-armored detached signature file
> >  => we did
> > MUST supply at least one checksum file
> >  => we did
> > SHOULD supply a SHA-256 and/or SHA-512 checksum file
> >  => sha1 but it's not mandatory (for SHOULD)
> > SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are deprecated)
> >   => provided sha1 but it's accepted (for SHOULD)
> >
> > So, the current signature follows the policy.
> >
> > Anyway, I'll replace sha1 with sha512.
> >
> > Makoto
> > On Thu, Nov 15, 2018 at 17:47, Makoto Yui <yuin...@gmail.com> wrote:
> > >
> > > Akira,
> > >
> > > Oh... Policy has been changed since the last release.
> > >
> > > So, I'll add sha512 checksum.
> > > https://hivemall.incubator.apache.org/release-guide.html#Attach_signatures_for_shaded_jars
> > >
> > > Thank you for checking.
> > >
> > > Makoto
> > > On Thu, Nov 15, 2018 at 17:43, Akira Ajisaka <aajis...@apache.org> wrote:
> > > >
> > > > Thanks Makoto for preparing the release.
> > > >
> > > > Would you prepare sha256 or/and sha512 checksums instead of md5/sha1?
> > > > https://www.apache.org/dev/release-distribution.html#sigs-and-sums
> > > >
> > > > Thanks,
> > > > Akira
> > > > On Thu, Nov 15, 2018 at 17:32, Makoto Yui <m...@apache.org> wrote:
> > > > >
> > > > > Hi all,
> > > > >
> > > > > Apache Hivemall 0.5.2 release candidate #1 is now available for a vote
> > > > > within dev community.
> > > > >
> > > > > Links to various release artifacts are given below. Please review and
> > > > > cast your vote.
> > > > >
> > > > >     - The source tarball, including signatures, digests, ChangeLog, etc.:
> > > > >       https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.2-incubating-rc1/
> > > > >     - Sources for the release:
> > > > >       https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.2-incubating-rc1/hivemall-0.5.2-incubating-source-release.zip
> > > > >       https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.2-incubating-rc1/hivemall-0.5.2-incubating-source-release.zip.asc (PGP Signature)
> > > > >       https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.2-incubating-rc1/hivemall-0.5.2-incubating-source-release.zip.md5 (MD5 Hash)
> > > > >     - Git tag for the release:
> > > > >       https://git-wip-us.apache.org/repos/asf?p=incubator-hivemall.git;a=shortlog;h=refs/tags/v0.5.2-rc1
> > > > >     - The Nexus Staging URL:
> > > > >       https://repository.apache.org/content/repositories/orgapachehivemall-1004/
> > > > >     - KEYS file for verification:
> > > > >       https://dist.apache.org/repos/dist/dev/incubator/hivemall/KEYS
> > > > >     - For information about the contents of this release, see:
> > > > >       https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.2-incubating-rc1/ChangeLog.html
> > > > >
> > > > > Find Podling releases policies in
> > > > >     https://incubator.apache.org/policy/incubation.html#releases
> > > > >     http://www.apache.org/legal/release-policy.html
> > > > >
> > > > > Artifacts verification how-to can be found in
> > > > >     http://hivemall.incubator.apache.org/verify_artifacts.html
> > > > >
> > > > > The vote will be open for at least 72 hours and until the necessary number
> > > > > of votes is reached.
> > > > >
> > > > > At least three +1 from PPMC members are required and we welcome your vote!
> > > > >
> > > > > [ ] +1  approve (Release this package as Apache Hivemall 0.5.2-incubating)
> > > > > [ ] +0  no opinion
> > > > > [ ] -1  disapprove (and reason why)
> > > > >
> > > > > Here is my +1 (binding).
> > > > >
> > > > > Regards,
> > > > > Makoto
> > > > >
> > > > > --
> > > > > Makoto YUI <myui AT apache.org>
> > > > > Principal Engineer, Arm Treasure Data.
> > > > > http://myui.github.io/
>
> --
> Makoto YUI <myui AT apache.org>
> Principal Engineer, Arm Treasure Data.
> http://myui.github.io/



-- 
Makoto YUI <myui AT apache.org>
Principal Engineer, Arm Treasure Data.
http://myui.github.io/
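
An added example (not part of the thread, and not Apache or Hivemall tooling): a Python check of a release directory listing against the four rules quoted above from the ASF release-distribution policy, plus verification of a `.sha512` file. The file listings and payload bytes are constructed, `audit_release` and `verify_sha512` are hypothetical names, and the checksum file is assumed to be in `sha512sum` format or bare hex.

```python
import hashlib
import hmac
from pathlib import PurePosixPath

SIG = ".asc"
STRONG = {".sha256", ".sha512"}   # SHOULD supply
WEAK = {".md5", ".sha1"}          # SHOULD NOT supply (deprecated)
SIDECARS = STRONG | WEAK | {SIG}

def audit_release(filenames):
    """Map each artifact in a listing to its MUST errors and SHOULD warnings.
    Assumption: every file that is not itself a sidecar is an artifact."""
    names = set(filenames)
    report = {}
    for art in sorted(n for n in names if PurePosixPath(n).suffix not in SIDECARS):
        present = {ext for ext in SIDECARS if art + ext in names}
        errors, warnings = [], []
        if SIG not in present:
            errors.append("MUST: missing detached signature (.asc)")
        if not present & (STRONG | WEAK):
            errors.append("MUST: no checksum file")
        if not present & STRONG:
            warnings.append("SHOULD: no SHA-256/SHA-512 checksum")
        for ext in sorted(present & WEAK):
            warnings.append(f"SHOULD NOT: deprecated {ext} checksum")
        report[art] = {"errors": errors, "warnings": warnings}
    return report

def verify_sha512(data, checksum_text):
    """Compare data with a .sha512 file ("<hex>  <name>" or bare hex)."""
    fields = checksum_text.split()
    if not fields:
        return False
    actual = hashlib.sha512(data).hexdigest()
    return hmac.compare_digest(fields[0].lower().encode(), actual.encode())

# Constructed listings: the candidate with md5/sha1, then with sha512 only.
ZIP = "hivemall-0.5.2-incubating-source-release.zip"
BEFORE = [ZIP, ZIP + ".asc", ZIP + ".md5", ZIP + ".sha1"]
AFTER = [ZIP, ZIP + ".asc", ZIP + ".sha512"]
PAYLOAD = b"constructed stand-in for the release zip"  # not the real artifact
SUM_FILE = hashlib.sha512(PAYLOAD).hexdigest() + "  " + ZIP + "\n"

if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_release(listing)[ZIP])
    print("sha512 ok:", verify_sha512(PAYLOAD, SUM_FILE))
    print("tampered ok:", verify_sha512(PAYLOAD + b"x", SUM_FILE))
```

A matching digest only shows the download is intact; authenticity still rests on checking the `.asc` signature against the project's KEYS file.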
