On Tue, 07 Aug 2018 23:29:04 +0200, <[email protected]> wrote:
squashed and kept only SHA-512
Maven core plugins don't cover everything even quite generic like
creating checksums, that's why there are many Maven plugins out there...
Maven Resolver generates these files while deploying, so for us there was
no real need for a specific plugin. With the different demand from ASF we
should consider writing a maven-checksum-plugin.
Robert
Regards,
Hervé
----- Mail original -----
De: "Michael Osipov" <[email protected]>
À: "Maven Developers List" <[email protected]>, "herve boutemy"
<[email protected]>
Cc: [email protected]
Envoyé: Mardi 7 Août 2018 23:04:46
Objet: Re: MPOM-205 creating source release checksums in target for
Apache dist area
Am 2018-08-07 um 22:50 schrieb [email protected]:
Hi,
Recently, Apache distribution policy changed regarding checksums [1]:
now, SHA-256 or SHA-512 checksums are required.
This lead to discussion about changing checksums used on Maven
repository and/or Apache Nexus repository.
But Maven repository requirements and Apache source distribution
requirements are completely independant: why tie them?
I just implemented SHA-256 and SHA-512 checksums tracked through
MPOM-205 [2]:
1. only for Apache source release files
2. only in local build, available in target/ directory (nothing related
to Maven repository nor deploy)
See the related Git branch [3]
Anything to add before I merge this branch to master?
And eventually launch Apache parent POM 21 release quite soon...
Please squash.
It is a pity to see that none of our plugins can produce the checksums.
While the requires says at least one checksum, do you see any huge
benefit having SHA512 over 256? I see none.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
