In the Nexus releases repo ( https://repository.apache.org/content/repositories/releases/org)
I notice that some projects (like Arrow) have attached a .asc, .md5, and .sha1 signatures to each artifact. While other projects (like Beam) have additional signatures (.asc.md5, .asc.sha1) for each .asc file. What is the recommended practice?
