Look at https://issues.apache.org/jira/browse/MPOM-244 <https://issues.apache.org/jira/browse/MPOM-244> which should solve this for ASF projects. Konrad
> On 27. May 2021, at 13:29, Janardhan <janardhan.pulivar...@gmail.com> wrote: > > Thank you, for the generous response. > > The file hashes are created by maven-resolver, which supports SHA-512 since >> version 1.5.0 ( https://issues.apache.org/jira/browse/MRESOLVER-56 ). >> If I remember correctly maven-resolver 1.5+ is included since Maven 3.8.1. >> So you would have to update your Maven to 3.8.1 and ` >> -Daether.checksums.algorithms=SHA-512 ` should work then. > > > This works like a charm Frederik. > > The complete command I have used is > > ```sh > mvn -P'distribution,rat' deploy -Daether.checksums.algorithms=SHA-512 > ``` > > This is not signing, this is just a checksum for transport bitrot. > > > Thanks Michael for clarification. > > I think this usage can be documented (explicitly). What do you think? > I am open to giving a PR since all the apache projects use this > functionality. :) > > Regards, > Janardhan > > > On Thu, May 27, 2021 at 1:27 PM Michael Osipov <micha...@apache.org> wrote: > >> Am 2021-05-26 um 09:14 schrieb Janardhan: >>> Hi Maven team, >>> >>> TL;DR: Can we sign (SHA-512) artifacts with gpg plugin and how?. Thanks. >> >> This is not signing, this is just a checksum for transport bitrot. >> If you need SHA-2 hashes use Resolver's new property for this. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >> For additional commands, e-mail: dev-h...@maven.apache.org >> >>
