jira-importer commented on issue #263: URL: https://github.com/apache/maven-install-plugin/issues/263#issuecomment-2771862082
**[Karl Heinz Marbaise](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=khmarbaise)** commented Hi [chonton](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=chonton), this is only about the generation of the checksums which will be moved to the deploy plugin (or more accurate into artifact-transfer component). This has nothing to do with signing (see maven-gpg-plugin)...apart from that the ASF (Maven project also) does staging first but the staging of the artifacts includes already the checksums (md5, sha1) of the artifacts ...and Maven project uses GPG keys to sign artifacts which is also included during the staging (Take a look at the VOTE which is running on dev list)...furthermore the jira is not intended as discussion such things should be done on the dev mailing list... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
