[
https://issues.apache.org/jira/browse/BEAM-3717?focusedWorklogId=153604&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-153604
]
ASF GitHub Bot logged work on BEAM-3717:
----------------------------------------
Author: ASF GitHub Bot
Created on: 11/Oct/18 17:42
Start Date: 11/Oct/18 17:42
Worklog Time Spent: 10m
Work Description: charlesccychen closed pull request #6631: [BEAM-3717]
Fix problems with Beam downloads page
URL: https://github.com/apache/beam/pull/6631
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/website/src/get-started/downloads.md
b/website/src/get-started/downloads.md
index 34d02e1931e..27aa7c9caef 100644
--- a/website/src/get-started/downloads.md
+++ b/website/src/get-started/downloads.md
@@ -61,6 +61,17 @@ at scale.
You can download the source code package for a release from the links in the
[Releases](#releases) section.
+### Release integrity
+
+You *must* (verify)[https://www.apache.org/info/verification.html] the
integrity
+of downloaded files. We provide OpenPGP signatures for every release file. This
+signature should be matched against the
+(KEYS)[https://www.apache.org/dist/beam/KEYS] file which contains the OpenPGP
+keys of Apache Beam's Release Managers. We also provide SHA-512 checksums for
+every release file (or SHA-1 and MD5 checksums for older releases). After you
+download the file, you should calculate a checksum for your download, and make
+sure it is the same as ours.
+
## API stability
@@ -80,48 +91,62 @@ versions denoted `0.x.y`.
## Releases
### 2.7.0 (2018-10-02)
-Official [source code
download](https://dist.apache.org/repos/dist/release/beam/2.7.0/apache-beam-2.7.0-source-release.zip)
-[SHA-512](https://dist.apache.org/repos/dist/release/beam/2.7.0/apache-beam-2.7.0-source-release.zip.sha512)
-[signature](https://dist.apache.org/repos/dist/release/beam/2.7.0/apache-beam-2.7.0-source-release.zip.asc).
+Official [source code
download](https://www.apache.org/dist/beam/2.7.0/apache-beam-2.7.0-source-release.zip).
+[SHA-512](https://www.apache.org/dist/beam/2.7.0/apache-beam-2.7.0-source-release.zip.sha512).
+[signature](https://www.apache.org/dist/beam/2.7.0/apache-beam-2.7.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12343654).
### 2.6.0 (2018-08-08)
-Official [source code
download](https://archive.apache.org/dist/beam/2.6.0/apache-beam-2.6.0-source-release.zip)
-[SHA-512](https://archive.apache.org/dist/beam/2.6.0/apache-beam-2.6.0-source-release.zip.sha512)
+Official [source code
download](https://archive.apache.org/dist/beam/2.6.0/apache-beam-2.6.0-source-release.zip).
+[SHA-512](https://archive.apache.org/dist/beam/2.6.0/apache-beam-2.6.0-source-release.zip.sha512).
[signature](https://archive.apache.org/dist/beam/2.6.0/apache-beam-2.6.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12343392).
### 2.5.0 (2018-06-06)
-Official [source code
download](https://archive.apache.org/dist/beam/2.5.0/apache-beam-2.5.0-source-release.zip)
-[SHA-512](https://archive.apache.org/dist/beam/2.5.0/apache-beam-2.5.0-source-release.zip.sha512)
+Official [source code
download](https://archive.apache.org/dist/beam/2.5.0/apache-beam-2.5.0-source-release.zip).
+[SHA-512](https://archive.apache.org/dist/beam/2.5.0/apache-beam-2.5.0-source-release.zip.sha512).
[signature](https://archive.apache.org/dist/beam/2.5.0/apache-beam-2.5.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12342847).
### 2.4.0 (2018-03-20)
-Official [source code
download](https://archive.apache.org/dist/beam/2.4.0/apache-beam-2.4.0-source-release.zip)
+Official [source code
download](https://archive.apache.org/dist/beam/2.4.0/apache-beam-2.4.0-source-release.zip).
+[SHA-512](https://archive.apache.org/dist/beam/2.4.0/apache-beam-2.4.0-source-release.zip.sha512).
+[signature](https://archive.apache.org/dist/beam/2.4.0/apache-beam-2.4.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12342682).
### 2.3.0 (2018-01-30)
Official [source code
download](https://archive.apache.org/dist/beam/2.3.0/apache-beam-2.3.0-source-release.zip).
+[SHA-1](https://archive.apache.org/dist/beam/2.3.0/apache-beam-2.3.0-source-release.zip.sha1).
+[MD5](https://archive.apache.org/dist/beam/2.3.0/apache-beam-2.3.0-source-release.zip.md5).
+[signature](https://archive.apache.org/dist/beam/2.3.0/apache-beam-2.3.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12341608).
### 2.2.0 (2017-12-02)
Official [source code
download](https://archive.apache.org/dist/beam/2.2.0/apache-beam-2.2.0-source-release.zip).
+[SHA-1](https://archive.apache.org/dist/beam/2.2.0/apache-beam-2.2.0-source-release.zip.sha1).
+[MD5](https://archive.apache.org/dist/beam/2.2.0/apache-beam-2.2.0-source-release.zip.md5).
+[signature](https://archive.apache.org/dist/beam/2.2.0/apache-beam-2.2.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12341044).
### 2.1.0 (2017-08-23)
Official [source code
download](https://archive.apache.org/dist/beam/2.1.0/apache-beam-2.1.0-source-release.zip).
+[SHA-1](https://archive.apache.org/dist/beam/2.1.0/apache-beam-2.1.0-source-release.zip.sha1).
+[MD5](https://archive.apache.org/dist/beam/2.1.0/apache-beam-2.1.0-source-release.zip.md5).
+[signature](https://archive.apache.org/dist/beam/2.1.0/apache-beam-2.1.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12340528).
### 2.0.0 (2017-05-17)
Official [source code
download](https://archive.apache.org/dist/beam/2.0.0/apache-beam-2.0.0-source-release.zip).
+[SHA-1](https://archive.apache.org/dist/beam/2.0.0/apache-beam-2.0.0-source-release.zip.sha1).
+[MD5](https://archive.apache.org/dist/beam/2.0.0/apache-beam-2.0.0-source-release.zip.md5).
+[signature](https://archive.apache.org/dist/beam/2.0.0/apache-beam-2.0.0-source-release.zip.asc).
[Release
notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319527&version=12339746).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 153604)
Time Spent: 1h (was: 50m)
> Problems with download page
> ---------------------------
>
> Key: BEAM-3717
> URL: https://issues.apache.org/jira/browse/BEAM-3717
> Project: Beam
> Issue Type: Bug
> Components: website
> Reporter: Sebb
> Assignee: Melissa Pashniak
> Priority: Major
> Time Spent: 1h
> Remaining Estimate: 0h
>
> The download page has some problems:
> 1) Links to previous releases are broken.
> These should either be removed, or be converted to use the archive server,
> e.g. instead of
> https://www.apache.org/dyn/closer.cgi?filename=beam/2.2.0/apache-beam-2.2.0-source-release.zip&action=download
> use
> https://archive.apache.org/dist/beam/2.2.0/apache-beam-2.2.0-source-release.zip
> 2) The download page must include links to the signature (.asc) file and
> hashes for all downloads.
> These must be linked from https://www.apache.org/dist/beam/... (or
> archive.apache.org for older releases)
> 3) There should be a link to the KEYS file at
> https://www.apache.org/dist/beam/KEYS
> 4) There should be instructions on the need to verify downloads.
> See for example:
> https://tomcat.apache.org/download-70.cgi#Release_Integrity
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
