You should be able to get them here: https://dist.apache.org/repos/dist/release/drill/drill-1.0.0/
On Sun, May 24, 2015 at 5:12 PM, Neal McBurnett <[email protected]> wrote: > Congratulations - sounds like a great milestone, and I want to get it! > > So I go to http://drill.apache.org/download/ > > and thence to > > http://www.apache.org/dyn/closer.cgi/drill/drill-1.0.0/apache-drill-1.0.0.tar.gz > > where it prominently says, under VERIFY THE INTEGRITY OF THE FILES: > It is essential that you verify the integrity of the downloaded file > using the PGP signature (.asc file) or a hash (.md5 or .sha file). Please > read Verifying Apache Software Foundation Releases for more information on > why you should verify our releases. > > The PGP signature can be verified using PGP or GPG. First download the > KEYS as well as the asc signature file for the relevant distribution. Make > sure you get these files from the main distribution site, rather than from > a mirror. Then verify the signatures using > > That's all explained more at http://www.apache.org/info/verification.html, > and of course I know that's true. It comes by default when installing > packages in most any linux distro, or on other major platforms. > > But I can't find any evidence of a .sig file for this release or for other > recent releases. Where do I get it? > > Thanks, > > Neal McBurnett http://neal.mcburnett.org/ >
