Clone
Jaikiran Pai
committed
on 18 Mar
SHA1 checksum is no longer recommended by Apache release process
The Apache release process no longer recommends using SHA1 checksums
for ar… Show more
SHA1 checksum is no longer recommended by Apache release process

The Apache release process no longer recommends using SHA1 checksums

for artifacts http://www.apache.org/dev/release-signing.html#sha1.

The commit here removes generation of SHA1 for Ant distribution artifacts.

Furthermore, the checksum generation for artifacts that we upload to

Maven is also now removed, since the Nexus instance generates those dynamically

when the artifacts are uploaded to Nexus as stated at

http://www.apache.org/dev/publishing-maven-artifacts.html#prepare-release :

"You don't need artifacts for your checksum files (if you create any) since Nexus

will create MD5 and SHA1 checksums on the fly anyway."

Show less