> /These repositories and their binaries are "convenience binaries" and
not the official Cassandra source binaries/
Then where are the official binaries?
On 11/08/2022 21:40, Mick Semb Wever wrote:
The proposal is to move our official debian and redhat repositories
from downloads.apache.org <http://downloads.apache.org> to Apache's
JFrog Artifactory server at apache.jfrog.io <http://apache.jfrog.io> ,
fronting it with the url aliases debian.cassandra.apache.org
<http://debian.cassandra.apache.org> and redhat.cassandra.apache.org
<http://redhat.cassandra.apache.org>
That is to replace the following URLs from
https://downloads.apache.org/cassandra/debian/
https://downloads.apache.org/cassandra/redhat/
to
https://debian.cassandra.apache.org
<https://debian.cassandra.apache.org>
https://redhat.cassandra.apache.org
<https://redhat.cassandra.apache.org>
(which in turn redirect to our jfrog repositories at)
https://apache.jfrog.io/artifactory/cassandra-deb
https://apache.jfrog.io/artifactory/cassandra-rpm
The rationale to do this is to avoid the strict checksum and signature
requirements on downloads.a.o (which is the same as dist.a.o), as the
debian and redhat repositories have their own system for integrity and
signing (which we already do).
These repositories and their binaries are "convenience binaries" and
not the official Cassandra source binaries, so they do not need to be
on downloads.a.o and can be served from apache.jfrog.io
<http://apache.jfrog.io>. This is similar to maven binaries (and
docker images).
This will BREAK everyone's existing
`/etc/apt/sources.list.d/cassandra.sources.list` and
`/etc/yum.repos.d/cassandra.repo` files. Folk will need to update
these files to point to the new repo URLs.
The plan is to do the following to ensure people are informed about
this breaking change:
- announcement to users@
- README.md in the original URL locations explaining the breakage and
how to fix. (The README.md must be voted on, signed and checksummed),
- A warning banner on our website downloads page,
- Every release email for the next 12 months will contain the warning.
background: https://issues.apache.org/jira/browse/CASSANDRA-17748
Anyone with any questions/objections?