jira-importer commented on issue #340: URL: https://github.com/apache/maven-apache-parent/issues/340#issuecomment-2771689026
**[Herve Boutemy](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=hboutemy)** commented

> Hm, after rereading original issue: "the created SHA512 which is used for the distribution area" – is it maybe us misinterpreting this?

+1 there are 2 separate needs that are constantly conflated.

I'll show 1 concrete example = the binary distribution of Maven 3.8.4 apache-maven-3.8.4-bin.zip :

- there is the sha512 file from Apache distribution area ("Apache distribution area" is ASF specific, obviously): https://archive.apache.org/dist/maven/maven-3/3.8.4/binaries/
- there is (eventually) the sha512 from Maven Central repository: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.4/ : you'll see we even did not publish sha512 here (because Maven core does not use the shared ASF parent POM)

let's look at maven wagon wagon-3.5.1-source-release.zip, that uses (like most of our Maven releases) the ASF parent POM for that source-release part:

- Apache distribution area ("Apache distribution area" is ASF specific, obviously): https://archive.apache.org/dist/maven/wagon/
- Maven Central repository: https://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon/3.5.1/

Apache distribution area is free form of Apache Software Foundation, governed by ASF rules

Maven Central repository area has a Maven2 repository format, governed by Maven code + repository managers and other build/dependency tools reuse + Maven Central reuse

In the past, both asked for SHA1 = the start of thinking that both checksums files were forced to be the same

When Apache Software Foundation started to require sha512 but not Maven2 repository format, we started to see the mix

then when I read the issue title "create correct SHA512 content", it all summarises the lack of clarity we discovered in 2019 when working on MPOM-244: "correct" for which rules?
Because at least, ASF and Maven share the SHA-512 algorithm value: now, what should be the format of the .sha512 file in each case is another question (it is expected to be used by who? with which tool? mvn? shasum? other?)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
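The closing question in the comment (which tool is expected to read the `.sha512` file) matters in practice because checksum tools do not share one file layout. As an added example, not part of the original comment or of any Apache project's code, this Python verifier accepts three layouts assumed here for illustration (a bare hex digest, the `<hex>  name` line that `shasum`/`sha512sum` write, and the BSD-style `SHA512 (name) = <hex>` tag); the thread does not say which layout each area uses, and the function names and sample bytes are constructed.

```python
import hashlib
import hmac
import re

_HEX = r"([0-9a-fA-F]{128})"
# Layouts this example assumes; the thread does not say which one each area uses.
_LAYOUTS = [
    ("bare", re.compile(rf"^{_HEX}$")),                   # digest only
    ("gnu", re.compile(rf"^{_HEX} [ *](.+)$")),           # "<hex>  name" or "<hex> *name"
    ("bsd", re.compile(rf"^SHA512 \((.+)\) = {_HEX}$")),  # "SHA512 (name) = <hex>"
]


def parse_sha512_sidecar(text):
    """Return (layout, lowercase hex digest, file name or None)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one checksum line")
    for layout, pattern in _LAYOUTS:
        m = pattern.match(lines[0])
        if not m:
            continue
        if layout == "bare":
            return layout, m.group(1).lower(), None
        if layout == "gnu":
            return layout, m.group(1).lower(), m.group(2)
        return layout, m.group(2).lower(), m.group(1)
    raise ValueError("unrecognised .sha512 layout")


def verify(data, sidecar_text, expected_name=None):
    """True only if the digest matches and any embedded name is the expected one."""
    _, digest, name = parse_sha512_sidecar(sidecar_text)
    if name is not None and expected_name is not None and name != expected_name:
        return False  # checksum line was written for a different file
    actual = hashlib.sha512(data).hexdigest()
    return hmac.compare_digest(actual, digest)


# Constructed sample input, not a real release artifact.
SAMPLE = b"constructed sample artifact\n"
SAMPLE_HEX = hashlib.sha512(SAMPLE).hexdigest()
```

A verifier that assumes only one layout fails closed on the others, which is the safe outcome, but it also trains users to skip the check; rejecting anything that is not exactly one well-formed line keeps a truncated or HTML error page from being treated as a digest.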