https://issues.apache.org/bugzilla/show_bug.cgi?id=49970
--- Comment #4 from coheigea <[email protected]> 2010-09-22 06:47:21 EDT --- > This is not actually true, as the mirrors do have the current release. I just added the distributions to www.apache.org/dist/santuario and archive.apache.org/dist/santuario recently. The website hasn't been updated yet to reflect this. I'm working on this at the moment. > Also, there are no MD5 or SHA1 checksum files for the releases. > AIUI at least one of these is also required for all ASF releases. Previous releases of Santuario/XML-Security did not appear to create checksum files. From what I can tell this is not a strict requirement...: http://www.apache.org/dev/release-signing.html#motivation >> Signatures should be ASCII armored and detached. >>Your public key should be exported and the result appended to the appropriate >>>> KEYS file(s). >>That's all you need to know to sign a release. All of these steps have been followed for the current distribution(s). > I thought the checksums were created when the files were put into place the > other day. No, I just copied the artifacts from the Santuario dist page across. Henk objected to the fact that there was no KEYS file and so the signatures could not be verified, I copied the KEYS file across to fix that. > The directory isn't group writeable, will need to wait on the PMC chair to > fix. This is done now. Colm. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
