-
Type:
Task
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.16.2
-
Fix Version/s: 1.17.0
-
Component/s: None
-
Labels:None
as per updated ASF guidelines.
the .md5 are no longer required.
~~~
https://www.apache.org/dev/release-distribution#sigs-and-sums
For every artifact distributed to the public through Apache channels, the PMC
- MUST supply a valid OpenPGP compatible ASCII armored detached signature file,
- MUST supply at least one (SHA or MD5) checksum file,
- SHOULD supply a SHA-1, SHA-256 or SHA-512 checksum file,
- SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).
So, we are compliant already.