Ah, thanks fort he clarification, didnt know that.. so I would go with asc and sha512 : )
Am 26.09.19, 01:39 schrieb "Justin Mclean" <jus...@classsoftware.com>: Hi, > we use asc for signing and sha256 or 512 is common for checksum, I think. > This is used in many projects and should be fine and up to date. That correct but you also have sha1 and md5s. > @Justin Mclean or is there any official rule or policy about that? Yes see [1] note the "and SHOULD NOT supply MD5 or SHA-1”. Thanks, Justin 1. https://www.apache.org/dev/release-distribution.html#sigs-and-sums