[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release

Fri, 31 Aug 2018 22:32:12 -0700 


    [ 
https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16599538#comment-16599538
 ] 

Hudson commented on MPOM-205:
-----------------------------

Build failed in Jenkins: Maven TLP » maven-enforcer » master #39

See https://builds.apache.org/job/maven-box/job/maven-enforcer/job/master/39/

> create SHA-512 checksum for source-release archive(s) in 
> target/checkout/target/ during release
> -----------------------------------------------------------------------------------------------
>
>                 Key: MPOM-205
>                 URL: https://issues.apache.org/jira/browse/MPOM-205
>             Project: Maven POMs
>          Issue Type: New Feature
>          Components: asf
>    Affects Versions: ASF-20
>            Reporter: Hervé Boutemy
>            Assignee: Hervé Boutemy
>            Priority: Major
>             Fix For: ASF-21
>
>
> currently, during Apache release, checksums are not created in target/ 
> directory: checksums are created on the fly during deploy to the Maven 
> repository (for absolutely every artifact, be it "normal" artifacts or source 
> release)
> while source release archive and its signature are available in target/ (or 
> target/checkout/target during release with Maven Release Plugin), checksums 
> are not there: this gives people the bad habit to download everything (not 
> only checksums) from Apache Nexus repository after deploy to copy to Apache 
> /dist/
> it would be useful to have the checksums for source release available in 
> target/ (then in target/checkout/target during release)
> this would also prepare having new Apache checksums requirements for Apache 
> mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums
> sha256 and sha512 are not used for Maven repositories, but they are required 
> for Apache source release distribution
> Notice: .sha256 and .sha512 files are not only not supported for Maven 
> repositories, but even not supported: they are considered as artifacts, not 
> checksums, then require md5 and sha1 checksum files and .asc detached 
> signature...
> Then the .sha512 file is not to be deployed to the Maven repository, only 
> Apache /dist/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to