squashed and kept only SHA-512 Maven core plugins don't cover everything even quite generic like creating checksums, that's why there are many Maven plugins out there...
Regards, Hervé ----- Mail original ----- De: "Michael Osipov" <micha...@apache.org> À: "Maven Developers List" <dev@maven.apache.org>, "herve boutemy" <herve.bout...@free.fr> Cc: release-disc...@apache.org Envoyé: Mardi 7 Août 2018 23:04:46 Objet: Re: MPOM-205 creating source release checksums in target for Apache dist area Am 2018-08-07 um 22:50 schrieb herve.bout...@free.fr: > Hi, > > Recently, Apache distribution policy changed regarding checksums [1]: now, > SHA-256 or SHA-512 checksums are required. > > This lead to discussion about changing checksums used on Maven repository > and/or Apache Nexus repository. > > But Maven repository requirements and Apache source distribution requirements > are completely independant: why tie them? > > > I just implemented SHA-256 and SHA-512 checksums tracked through MPOM-205 [2]: > 1. only for Apache source release files > 2. only in local build, available in target/ directory (nothing related to > Maven repository nor deploy) > > See the related Git branch [3] > > > Anything to add before I merge this branch to master? > And eventually launch Apache parent POM 21 release quite soon... Please squash. It is a pity to see that none of our plugins can produce the checksums. While the requires says at least one checksum, do you see any huge benefit having SHA512 over 256? I see none. Michael --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org