I know it’s policy, but why exactly do we have to provide checksum files when the asc file is a already a checksum (and most likely based on SHA256 or 512 anyways)?
On Thu, Aug 15, 2019 at 04:03, sebb <seb...@gmail.com> wrote: > I have had to fix several download pages recently because they > referred to sha512 instead of sha256. > > Please would RMs double-check that the pom has the correct setting and > that the generated download_xyz.xml file corresponds with the file > names? > > In future, I think the hash setting should *always* be specified in > the pom, rather than relying on a default (*) > How does one know whether the setting is missing by accident or design? > (It does not help that the default has been changed twice fairly recently) > > > Sebb. > (*) IMO built-in defaults should only be used for values that are > almost always correct, i.e. where it is unusual to see a different > value. Defaults should never be changed. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- Matt Sicker <boa...@gmail.com>
