jira-importer commented on issue #301: URL: https://github.com/apache/maven-install-plugin/issues/301#issuecomment-2771866062
**[Robert Scholte](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=rfscholte)** commented Insecure or broken? Anyway, even though these files are now generated by the maven-install-plugin, I think they belong to the maven-deploy-plugin. And this matches the behavior I've seen by Aether. I think it is the responsibility of the artifact repository manager to define the policy on how strong hashes should be, so I have my doubts if warnings should be generated by plugins. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
