The proposal is to move our official debian and redhat repositories from downloads.apache.org to Apache's JFrog Artifactory server at apache.jfrog.io , fronting it with the url aliases debian.cassandra.apache.org and redhat.cassandra.apache.org
That is to replace the following URLs from https://downloads.apache.org/cassandra/debian/ https://downloads.apache.org/cassandra/redhat/ to https://debian.cassandra.apache.org https://redhat.cassandra.apache.org (which in turn redirect to our jfrog repositories at) https://apache.jfrog.io/artifactory/cassandra-deb https://apache.jfrog.io/artifactory/cassandra-rpm The rationale to do this is to avoid the strict checksum and signature requirements on downloads.a.o (which is the same as dist.a.o), as the debian and redhat repositories have their own system for integrity and signing (which we already do). These repositories and their binaries are "convenience binaries" and not the official Cassandra source binaries, so they do not need to be on downloads.a.o and can be served from apache.jfrog.io. This is similar to maven binaries (and docker images). This will BREAK everyone's existing `/etc/apt/sources.list.d/cassandra.sources.list` and `/etc/yum.repos.d/cassandra.repo` files. Folk will need to update these files to point to the new repo URLs. The plan is to do the following to ensure people are informed about this breaking change: - announcement to users@ - README.md in the original URL locations explaining the breakage and how to fix. (The README.md must be voted on, signed and checksummed), - A warning banner on our website downloads page, - Every release email for the next 12 months will contain the warning. background: https://issues.apache.org/jira/browse/CASSANDRA-17748 Anyone with any questions/objections?
