Affects Version/s: 1.16.2
Fix Version/s: 1.17.0
as per updated ASF guidelines.
the .md5 are no longer required.
For every artifact distributed to the public through Apache channels, the PMC
- MUST supply a valid OpenPGP compatible ASCII armored detached signature file,
- MUST supply at least one (SHA or MD5) checksum file,
- SHOULD supply a SHA-1, SHA-256 or SHA-512 checksum file,
- SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).
So, we are compliant already.