jira-importer commented on issue #300: URL: https://github.com/apache/maven-install-plugin/issues/300#issuecomment-2771865862
**[Herve Boutemy](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=hboutemy)** commented I'm not convinced install or deploy are the right place to create checksums required by Apache (source) release distribution policy http://www.apache.org/dev/release-distribution Maven repository checksums are applied to every file deployed, in general .pom, .jar, -sources.jar and -javadoc.jar (see https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.5.4/ for example) Apache source release distribution checksum is only for -source-release.zip now that MPOM-205 works, I'm convinced that creating new checksums for Apache release distribution policy at Maven repository level is not the right approach if we want the source release zip sha-512 checksum, we can attach the artifact specifically for this source-release zip but adding sha-512 checksums for absolutely every file in the Maven repository is just overkill IMHO -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
