You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2021/05/03 19:32:56 UTC

[GitHub] [maven-apache-parent] kwin commented on pull request #40: MPOM-244 upload SHA512 to staging repo as well

kwin commented on pull request #40:
URL: https://github.com/apache/maven-apache-parent/pull/40#issuecomment-831482941


   > ASF releases are solely distributed through dist.apache.org
   
   Not in all Apache projects, look at https://repo1.maven.org/maven2/org/apache/sling/org.apache.sling.api/2.9.0/ or https://repo1.maven.org/maven2/org/apache/felix/org.apache.felix.scr/2.1.8/. Maven Central has the source-release artifacts as well.
   
   > Generating checksums on the fly for remote repos is done by Maven Resolver
   
   Only MD5 and SHA1, SHA512 has been explicitly disabled for performance reasons (https://issues.apache.org/jira/browse/MRESOLVER-140)
   
   > Uploading checksums for a subset of items makes no sense
   
   ASF policy enforces that only for those releases. For the binaries it is never checked (because as you said, Maven will only use MD5/SHA1 to detect transport corruption)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org