Hi, As per https://www.apache.org/dev/release-signing.html we should stop using md5 digests and point to the sha1 digests that we already have, instead (because md5 is broken nowadays).
I have made that change at http://sling.apache.org/downloads.cgi to point to sha1 digests - and fixed a bunch of broken links there at the same time, where versions where out of sync with https://dist.apache.org/repos/dist/release/sling/ Does anyone know how to disable the creation of md5 digests in our release builds? I have the impression that it's repository.apache.org that addds them: if I do a "maven:deploy" on one of our modules, they're not shown as being uploaded but are present in the repository.a.o folder. -Bertrand