Re: MPOM-205 creating source release checksums in target for Apache dist area

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: MPOM-205 creating source release checksums in target for Apache dist area

Hervé BOUTEMY
squashed and kept only SHA-512

Maven core plugins don't cover everything even quite generic like creating checksums, that's why there are many Maven plugins out there...

Regards,

Hervé

----- Mail original -----
De: "Michael Osipov" <[hidden email]>
À: "Maven Developers List" <[hidden email]>, "herve boutemy" <[hidden email]>
Cc: [hidden email]
Envoyé: Mardi 7 Août 2018 23:04:46
Objet: Re: MPOM-205 creating source release checksums in target for Apache dist area

Am 2018-08-07 um 22:50 schrieb [hidden email]:

> Hi,
>
> Recently, Apache distribution policy changed regarding checksums [1]: now, SHA-256 or SHA-512 checksums are required.
>
> This lead to discussion about changing checksums used on Maven repository and/or Apache Nexus repository.
>
> But Maven repository requirements and Apache source distribution requirements are completely independant: why tie them?
>
>
> I just implemented SHA-256 and SHA-512 checksums tracked through MPOM-205 [2]:
> 1. only for Apache source release files
> 2. only in local build, available in target/ directory (nothing related to Maven repository nor deploy)
>
> See the related Git branch [3]
>
>
> Anything to add before I merge this branch to master?
> And eventually launch Apache parent POM 21 release quite soon...

Please squash.

It is a pity to see that none of our plugins can produce the checksums.
While the requires says at least one checksum, do you see any huge
benefit having SHA512 over 256? I see none.

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]