Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
With every release we provide a sha512, but it is quite hard to verify this.
What I do is compare the provided checksum and calculated checksum by eye.
It would be better if there's a goal that calculates the checksum and verifies it with a provided value.
e.g artifact:checksum -Dsha512=1a2b3c4d5e6f7890...
This will be for the main artifact.
However, we need to verify a specific file with classifier and extension, i.e. source-release.zip
So probably we need to do something like artifact:checksum -Dsha512[source-release:zip]=1a2b3c4d5e6f7890...