michael-o commented on pull request #40:
URL: https://github.com/apache/maven-apache-parent/pull/40#issuecomment-947449168


   > I do agree with
   >
   > > I consider SHA-2 for Maven Central as mostly pointless and pure waste of CPU cycles.
   >
   > but the same is true for MD5 and SHA1. It would have been wise to use a (non-secure) hash = checksum for Maven in the first place, but this is outside the scope of this issue.
   
   Exactly!
   
   > The format of hashes in Apache Dist are standardized among all ASF projects and the information from https://www.apache.org/info/verification.html implies that you MUST(!) use the raw hash in the files!
   
   I don't see this requirement of raw hash. Can you explicitly show me?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

