Just a short addition: I copied from the flink site the following statement (which should suffice), regarding the hash verification:
Verifying Hashes and Signatures Along with our releases, we also provide sha512 hashes in *.sha512 files and cryptographic signatures in *.asc files. The Apache Software Foundation has an extensive tutorial to verify hashes and signatures which you can follow by using any of these release-signing KEYS. Am 21.08.19, 18:22 schrieb "Julian Feinauer" <[email protected]>: Hey, I got some further requests to fix which we should address before the announce goes out... It would be good if someone could help with the fixes ======================= The download page must only use https://www.apache.org/dist/... for the KEYS, hashes and sigs. The source and binary artifacts must only use the mirror system, not /dist/... The public download page must not link directly to the source code in GitHub, as that has not been formally released. Such links should be restricted to pages intended for developers. The same considerations apply to the News section. The download page needs say that downloaders should verify releases, and describe how to do so using KEYS + sig, or hash. ======================= Thanks! Julian Am 21.08.19, 15:28 schrieb "Julian Feinauer" <[email protected]>: Hi, thanks fort he fast fix, I already resend the ANNOUNCE mail.. so hopefully it comes through soon __ Julian Am 21.08.19, 12:59 schrieb "Xiangdong Huang" <[email protected]>: Hi, As something is wrong in jenkins server, I have manually deployed the latest website. Now http://iotdb.apache.org/#/Download has correct urls. Best, ----------------------------------- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 Xiangdong Huang <[email protected]> 于2019年8月21日周三 下午6:34写道: > Hi, > > I fixed it. Please review PR > https://github.com/apache/incubator-iotdb-website/pull/30 > Or I will merge it a short time later. > > Best, > ----------------------------------- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > Julian Feinauer <[email protected]> 于2019年8月21日周三 下午6:10写道: > >> Hi, >> >> Just got a mail from the announce guys that we need a fix on our download >> section : >> >> The links to iotdb 0.8.0 mirrors are ok. >> But the links to ASC and SHA512 must be direct links to >> https://www.apache.org/dist/incubator/iotdb/... and not to mirrors. >> >> Could someone take care of that? >> Then I can resubmit the announce mail :) >> >> Thanks! >> Julian >> >> Von meinem Mobiltelefon gesendet >> >
