You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/09/01 05:32:00 UTC

[jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release

    [ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16599538#comment-16599538 ] 

Hudson commented on MPOM-205:
-----------------------------

Build failed in Jenkins: Maven TLP » maven-enforcer » master #39

See https://builds.apache.org/job/maven-box/job/maven-enforcer/job/master/39/

> create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
> -----------------------------------------------------------------------------------------------
>
>                 Key: MPOM-205
>                 URL: https://issues.apache.org/jira/browse/MPOM-205
>             Project: Maven POMs
>          Issue Type: New Feature
>          Components: asf
>    Affects Versions: ASF-20
>            Reporter: Hervé Boutemy
>            Assignee: Hervé Boutemy
>            Priority: Major
>             Fix For: ASF-21
>
>
> currently, during Apache release, checksums are not created in target/ directory: checksums are created on the fly during deploy to the Maven repository (for absolutely every artifact, be it "normal" artifacts or source release)
> while source release archive and its signature are available in target/ (or target/checkout/target during release with Maven Release Plugin), checksums are not there: this gives people the bad habit to download everything (not only checksums) from Apache Nexus repository after deploy to copy to Apache /dist/
> it would be useful to have the checksums for source release available in target/ (then in target/checkout/target during release)
> this would also prepare having new Apache checksums requirements for Apache mirroring: http://www.apache.org/dev/release-distribution#sigs-and-sums
> sha256 and sha512 are not used for Maven repositories, but they are required for Apache source release distribution
> Notice: .sha256 and .sha512 files are not only not supported for Maven repositories, but even not supported: they are considered as artifacts, not checksums, then require md5 and sha1 checksum files and .asc detached signature...
> Then the .sha512 file is not to be deployed to the Maven repository, only Apache /dist/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)