GitHub user dkuppitz opened a pull request: https://github.com/apache/tinkerpop/pull/935
TINKERPOP-2025 Change to SHA-256/512 and drop SHA-1 for releases https://issues.apache.org/jira/browse/TINKERPOP-2025 Unfortunately, upgrading the Apache parent pom didn't solve the problem completely. With the upgrade we get the sha512 checksum file for the source release, but not for the other artifacts. This PR upgrades the parent pom, but also adds a step in the release process to replace any remaining sha1 checksum file with its sha512 counterpart. The release validation script was adjusted to reflect those changes; the validation will fail if there exists * a md5 file * a sha1 file * no asc file * no sha512 file ... for any of the release artifacts. VOTE +1 You can merge this pull request into a Git repository by running: $ git pull https://github.com/apache/tinkerpop TINKERPOP-2025 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/tinkerpop/pull/935.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #935 ---- commit 1fb3431910c0b22a06c3c9b86020c9e4db36af96 Author: Daniel Kuppitz <daniel_kuppitz@...> Date: 2018-09-24T15:47:27Z Remove release artifact SHA1 checksums and generate SHA512 checksums instead. ---- ---