[ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hervé Boutemy updated MPOM-205:
-------------------------------
    Description: 
Currently, during an Apache release, checksums are not created in the target/ 
directory: checksums are created on the fly during deploy to the Maven 
repository (for absolutely every artifact, be it "normal" artifacts or source 
release).

While the source release archive and its signature are available in target/ (or 
target/checkout/target during release with Maven Release Plugin), checksums are 
not there: this gives people the bad habit of downloading everything (not only 
checksums) from the Apache Nexus repository after deploy to copy to Apache /dist/.

It would be useful to have the checksums for the source release available in 
target/ (then in target/checkout/target during release).

This would also prepare for having new Apache checksum requirements for Apache 
mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums
sha256 and sha512 are not used for Maven repositories, but they are required 
for Apache source release distribution.

Notice: .sha256 and .sha512 files are not only not supported for Maven 
repositories, but even not supported: they are considered as artifacts, not 
checksums, then require md5 and sha1 checksum files and .asc detached 
signature...
Then the .sha512 file is not to be deployed to the Maven repository, only 
Apache /dist/.

  was:
Currently, during an Apache release, checksums are not created in the target/ 
directory: checksums are created on the fly during deploy to the Maven 
repository (for absolutely every artifact, be it "normal" artifacts or source 
release).

While the source release archive and its signature are available in target/ (or 
target/checkout/target during release with Maven Release Plugin), checksums are 
not there: this gives people the bad habit of downloading everything (not only 
checksums) from the Apache Nexus repository after deploy to copy to Apache /dist/.

It would be useful to have the checksums for the source release available in 
target/ (then in target/checkout/target during release).

This would also prepare for having new Apache checksum requirements for Apache 
mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums
sha256 and sha512 are not used for Maven repositories, but they are required 
for Apache source release distribution.

Notice: .sha256 and .sha512 files are not only not supported for Maven 
repositories, but even not supported: they are considered as artifacts, not 
checksums, then require md5 and sha1 checksum files and .asc detached 
signature...


> create SHA-512 checksum for source-release archive(s) in 
> target/checkout/target/ during release
> -----------------------------------------------------------------------------------------------
>
>                 Key: MPOM-205
>                 URL: https://issues.apache.org/jira/browse/MPOM-205
>             Project: Maven POMs
>          Issue Type: New Feature
>          Components: asf
>    Affects Versions: ASF-20
>            Reporter: Hervé Boutemy
>            Assignee: Hervé Boutemy
>            Priority: Major
>             Fix For: ASF-21
>
>
> Currently, during an Apache release, checksums are not created in the target/ 
> directory: checksums are created on the fly during deploy to the Maven 
> repository (for absolutely every artifact, be it "normal" artifacts or source 
> release).
> While the source release archive and its signature are available in target/ (or 
> target/checkout/target during release with Maven Release Plugin), checksums 
> are not there: this gives people the bad habit of downloading everything (not 
> only checksums) from the Apache Nexus repository after deploy to copy to Apache 
> /dist/.
> It would be useful to have the checksums for the source release available in 
> target/ (then in target/checkout/target during release).
> This would also prepare for having new Apache checksum requirements for Apache 
> mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums
> sha256 and sha512 are not used for Maven repositories, but they are required 
> for Apache source release distribution.
> Notice: .sha256 and .sha512 files are not only not supported for Maven 
> repositories, but even not supported: they are considered as artifacts, not 
> checksums, then require md5 and sha1 checksum files and .asc detached 
> signature...
> Then the .sha512 file is not to be deployed to the Maven repository, only 
> Apache /dist/.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
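
As an added illustration of what the issue asks for (not the Maven parent POM's own implementation and not code from the issue): a shell sketch that writes a `.sha512` file next to each source-release archive in a build directory and re-checks it locally before anything is copied to /dist/. It assumes GNU coreutils `sha512sum` and archives named `*-source-release.zip` or `*-source-release.tar.gz`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: local SHA-512 generation and verification for source-release
# archives, so nothing has to be downloaded back from the repository.
# Assumptions: GNU coreutils sha512sum; archive naming *-source-release.{zip,tar.gz}.

# write_sha512 DIR: create <archive>.sha512 beside every source-release archive.
# Returns non-zero if DIR contains no source-release archive at all.
write_sha512() {
    dir=$1
    count=0
    for archive in "$dir"/*-source-release.zip "$dir"/*-source-release.tar.gz; do
        [ -f "$archive" ] || continue          # unmatched glob stays literal
        name=$(basename "$archive")
        # Run inside DIR so the checksum file records the bare file name,
        # which keeps it valid after the files are copied elsewhere.
        ( cd "$dir" && sha512sum "$name" > "$name.sha512" ) || return 1
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# verify_sha512 DIR: re-check every source-release .sha512 file in DIR.
# Returns non-zero if none exists or if any archive no longer matches.
verify_sha512() {
    dir=$1
    for sum in "$dir"/*-source-release.*.sha512; do
        [ -f "$sum" ] || return 1
        ( cd "$dir" && sha512sum -c "$(basename "$sum")" >/dev/null 2>&1 ) || return 1
    done
}

# Usage: sh this-script.sh target/checkout/target
if [ -n "${1:-}" ]; then
    write_sha512 "$1" && verify_sha512 "$1"
fi
```

The resulting `.sha512` files belong with the archive and its `.asc` signature in the /dist/ copy only, in line with the note above that they are not to be deployed to the Maven repository.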
