This is related to MVNCENTRAL-2859 but not the same.
In Gradle 6 we planned to support uploading .sha256 and .sha512 files in addition to the insecure .md5 and .sha1 checksums.
As tested by Marc Philipp from the JUnit team, this works properly on the OSS snapshot repository, but Maven Central refuses them in the validation phase: it considers the `.sha256` and `.sha512` files as regular artifacts instead of checksums, so complains that they miss... checksums and signatures!
It would be great to whitelist those files during validation in order to unblock us, this is important for security, as detailed in the aforementioned ticket.
See https://github.com/gradle/gradle/pull/11053 for details.