Hi Claude, thanks for reaching out - you mix different things here.
The SHA checksums are created manually when I upload the stuff to the ASF dist area. The checksums you linked to in nexus are created during the release build.
This is one of the reasons why each release means 15-20 hours of work ;)

I'd be happy if you check if the release 0.18 works for you and adapt your release vote ... the download page https://creadur.apache.org/rat018/download_rat.cgi links to sha512 and PGP checksums and complies with the ASF rules.
Cheers,
Phil

On 14.03.26 at 16:28, Claude Warren wrote:
Apache documentation[1] indicates that MD5 and SHA-1 are deprecated and that we should be using SHA-256 and/or SHA-512.

I was unable to find a way to scrape the download directory to grab all the files. Does anyone have a hint for how to do this?

+0 The code from the GitHub release compiles and all tests pass. But I think we need to update the digests.

[1] https://apache.org/info/verification.html

On Thu, Mar 12, 2026 at 2:12 PM Karl Heinz Marbaise <[email protected]> wrote:

Hi,

+1 from me.

Kind regards
Karl Heinz Marbaise

On 12.03.26 01:03, P. Ottlinger wrote:

Hi,

On 12.03.26 at 00:59, P. Ottlinger wrote:

=VOTE is open until 2026-03-19 23:00 UTC=

Everyone is encouraged to vote, express their opinions and jump in if they find anything wrong with the release. Only PMC votes are binding on Apache, and for this candidate to become an official Apache Software Foundation release 3 +1's are required and more +1's than -1's.

This vote is open for at least 72 hours,

[ ] +1

+1 I used the Maven plugin and checked some artifacts manually.

Cheers,
Phil
