The signing of the rpm/deb packages (and their repos) will not change. Only the URL to the rpm/deb repo changes. All files (checksums and signatures) otherwise remain identical.
On Thu, 11 Aug 2022 at 23:20, Bowen Song via dev <dev@cassandra.apache.org> wrote: > In that case, the move from signed RPM/DEB to unsigned can be quiet > problematic to some enterprise users. > On 11/08/2022 22:16, Jeremiah D Jordan wrote: > > For ASF project the binary release are always considered as “convenience > binaries”, the official release is always just the source artifacts. See > the ASF release policy for more information. > > https://www.apache.org/legal/release-policy.html#compiled-packages > > > On Aug 11, 2022, at 4:12 PM, Bowen Song via dev <dev@cassandra.apache.org> > wrote: > > I'm a bit unclear what's the scope of this change. Is it limited to the > "*-bin.tar.gz" files only? > > I would assume the RPM/DEB packages are considered as parts of the > "official releases", and aren't affected by this change. Am I right? > > > On 11/08/2022 21:59, Mick Semb Wever wrote: > > > > *These repositories and their binaries are "convenience binaries" and >> not the official Cassandra source binaries* >> >> Then where are the official binaries? >> > > > Wrong wording there., thanks for catching me. > The official *releases* are the source artefacts, e.g. the *-src.tar.gz in > https://downloads.apache.org/cassandra/4.0.5/ > > The binaries (e.g. *-bin.tar.gz) are not considered official, but > convenience. > > https://infra.apache.org/release-distribution.html#release-content > https://www.apache.org/legal/release-policy.html#artifacts > >
