Temporary fixup done.
Andy
On 24/10/2018 21:54, Andy Seaborne wrote:
I can fix up the current dist/binaries as per (1), if that's OK. As a
fixup, this is not assuming it is the long term decision.
For 3.8.0, the format was the format of Linux sha512sum (not the other
checksums) - that includes the file name and can be verify by sha512sum
--verify, and end in a newline.
Maven generated chksums are just the checksum without giving the file
name. This the style used in the maven artifacts and and the
source-release sha512.
Andy
On 24/10/2018 21:07, Andy Seaborne wrote:
The report is correct.
When we moved to SHA512 we had to additionally create them.
Then for 3.9.0, the Apache release profile did it for source-release.
Doing it for source-release is the only required part in ASF release
policy.
We can either
1: put back the addition step to add SHA512 the binaries
2: change the download page to reference the sha1's
I'm inclined to do (1) to keep the download page clean
(it needs the source-release being made more prominent IMO; this
binaries downloads are nowadays rather less important than the maven
channel).
Does anyone know of a standalone way to do "mvn
dependency:copy-dependencies"? If there is such a thing, we can
consider using the maven channel for non-maven usage.
Andy
On 24/10/2018 16:38, Lucas Werkmeister wrote:
Hi!
I’m not sure if this email address is the best way to report the issue
(I found it when trying to “improve this page” using the link in the
upper right corner), but FYI: the Apache Jena Releases page [1] links to
SHA512 files for the downloads, but those files don’t actually exist;
instead, according to the automatically generated index [2], there are
SHA1 files. You might want to change your CGI script to link to those
instead.
Best regards,
Lucas Werkmeister
[1]: https://jena.apache.org/download/index.cgi
[2]: https://www.apache.org/dist/jena/binaries/
