maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MPOM-205) create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during release
Date Sat, 01 Sep 2018 21:08:00 GMT

    [ https://issues.apache.org/jira/browse/MPOM-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16599771#comment-16599771
] 

Hudson commented on MPOM-205:
-----------------------------

Build unstable in Jenkins: Maven TLP » maven-reporting-exec » master #14

See https://builds.apache.org/job/maven-box/job/maven-reporting-exec/job/master/14/

> create SHA-512 checksum for source-release archive(s) in target/checkout/target/ during
release
> -----------------------------------------------------------------------------------------------
>
>                 Key: MPOM-205
>                 URL: https://issues.apache.org/jira/browse/MPOM-205
>             Project: Maven POMs
>          Issue Type: New Feature
>          Components: asf
>    Affects Versions: ASF-20
>            Reporter: Hervé Boutemy
>            Assignee: Hervé Boutemy
>            Priority: Major
>             Fix For: ASF-21
>
>
> currently, during Apache release, checksums are not created in target/ directory: checksums
are created on the fly during deploy to the Maven repository (for absolutely every artifact,
be it "normal" artifacts or source release)
> while source release archive and its signature are available in target/ (or target/checkout/target
during release with Maven Release Plugin), checksums are not there: this gives people the
bad habit to download everything (not only checksums) from Apache Nexus repository after deploy
to copy to Apache /dist/
> it would be useful to have the checksums for source release available in target/ (then
in target/checkout/target during release)
> this would also prepare having new Apache checksums requirements for Apache mirroring:
http://www.apache.org/dev/release-distribution#sigs-and-sums
> sha256 and sha512 are not used for Maven repositories, but they are required for Apache
source release distribution
> Notice: .sha256 and .sha512 files are not only not supported for Maven repositories,
but even not supported: they are considered as artifacts, not checksums, then require md5
and sha1 checksum files and .asc detached signature...
> Then the .sha512 file is not to be deployed to the Maven repository, only Apache /dist/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message