The report is correct.
When we moved to SHA512 we had to additionally create them.
Then for 3.9.0, the Apache release profile did it for source-release.
Doing it for source-release is the only required part in ASF release policy.
We can either
1: put back the addition step to add SHA512 the binaries
2: change the download page to reference the sha1's
I'm inclined to do (1) to keep the download page clean
(it needs the source-release being made more prominent IMO; this
binaries downloads are nowadays rather less important than the maven
channel).
Does anyone know of a standalone way to do "mvn
dependency:copy-dependencies"? If there is such a thing, we can consider
using the maven channel for non-maven usage.
Andy
On 24/10/2018 16:38, Lucas Werkmeister wrote:
Hi!
I’m not sure if this email address is the best way to report the issue
(I found it when trying to “improve this page” using the link in the
upper right corner), but FYI: the Apache Jena Releases page [1] links to
SHA512 files for the downloads, but those files don’t actually exist;
instead, according to the automatically generated index [2], there are
SHA1 files. You might want to change your CGI script to link to those
instead.
Best regards,
Lucas Werkmeister
[1]: https://jena.apache.org/download/index.cgi
[2]: https://www.apache.org/dist/jena/binaries/
