On Sat, May 19, 2018 at 6:38 AM, ajs6f <aj...@apache.org> wrote: > > On May 19, 2018, at 5:34 AM, Emmanuel Bourg <ebo...@apache.org> wrote: > > On 18/05/2018 17:30, Gary Gregory wrote: > > > >> Thoughts? > > > > I wouldn't bother. The checksum is just there to ensure the download > worked properly, and for this even md5 is fine. > > > > The authenticity of the artifacts is ensured by the GPG signatures. > > > > Emmanuel Bourg > > True, but there's a considerable portion of users who check the checksums > and nothing else. >
The Commons release plugin in git master now has a goal that generates a target/VOTE.txt file which includes both SHA-1 and SHA-256 hashes. Gary > ajs6f > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
