@tony.kay @hlship @seancorfield @slipset FYI: Clojars no longer requires checksum files for signature files (as of a few minutes ago), since that is the new maven/aether default. Please let me know if you see any issues!
I haven't signed artifacts for Clojars for years -- and part of the reason I switched my projects from Leiningen to Boot was to get away from lein's "obsession" with signing stuff and the fragile GPG ecosystem 🙂
Understood. I just pinged you since you were involved in this thread: https://clojurians.slack.com/archives/C0H28NMAS/p1679955780176239
Did the Maven/Aether project say why it was making this change? (apologies if you posted that and I missed it)
Not that I could find, but I may not be looking in the right places.
I just find references to tooling adjusting to the change, also w/o a link to the source issue/justification
Weird, since it seems to have been a breaking change and fairly far-reaching...
It's possible Clojars was the only repo requiring checksums on signatures if there were other checksums. Sending them for signatures has always been optional, but on by default.
Ah, gotcha.