Robert Scholte opened MARTIFACT-1 and commented
With every release we provide a sha512, but it is quite hard to verify this.
What I do is compare the provided checksum and calculated checksum by eye.
It would be better if there's a goal that calculates the checksum and verifies it with a provided value.
e.g artifact:checksum -Dsha512=1a2b3c4d5e6f7890...
This will be for the main artifact.
However, we need to verify a specific file with classifier and extension, i.e. source-release.zip
So probably we need to do something like artifact:checksum -Dsha512[source-release:zip]=1a2b3c4d5e6f7890...
No further details from MARTIFACT-1
Robert Scholte opened MARTIFACT-1 and commented
With every release we provide a sha512, but it is quite hard to verify this.
What I do is compare the provided checksum and calculated checksum by eye.
It would be better if there's a goal that calculates the checksum and verifies it with a provided value.
e.g
artifact:checksum -Dsha512=1a2b3c4d5e6f7890...This will be for the main artifact.
However, we need to verify a specific file with classifier and extension, i.e. source-release.zip
So probably we need to do something like
artifact:checksum -Dsha512[source-release:zip]=1a2b3c4d5e6f7890...No further details from MARTIFACT-1