Hi Frank,
I confirm that 2.16.7 is an official release of the 2.16 long-time support branch of Mbed TLS, alongside 2.7.16 for the 2.7 branch and 2.23.0 for the latest features. Everyone should update to one of these versions since they fix security issues and other bugs.
We're progressively transitioning the project from Arm infrastructure to TrustedFirmware infrastructure. Eventually we'll decommission the existing tls.mbed.org, and we intend to distribute releases via trustedfirmware.org. We no longer intend to reference new releases directly on https://tls.mbed.org/download-archive . For the time being, we're distributing via GitHub. However, it isn't right that https://tls.mbed.org/download-archive links to https://github.com/ARMmbed/mbedtls/releases/ which doesn't list LTS branches. We need to link from https://tls.mbed.org/download-archive to the place that has the latest LTS releases one way or the other.
There are no longer separate archives with Apache and GPL licenses. These archives were always identical except for license headers. Now LTS releases are distributed as a single archive in which the files are dual-licensed.
The naming with mbedtls-mbedtls- must be a bug in our release script. Thanks for noticing.
I don't think we made a conscious decision not to provide official checksums. I can see the value of having them so let's try to incorporate those in our new release process.
mbed-tls@lists.trustedfirmware.org