This is just FYI, no action needed :-) When we commit to dist.apache.org/repos/dist/release these get copied to the Apache mirror distribution system (including the base www.apache.org/dist/uima )
Henk Penning runs automatic checking software the insures things are properly signed. He's augmented this recently with more automatation, which, in turn depends on a file to be kept in the directory www.apache.org/dist/uima/META - uima.html ( plus an ".asc" gpg signature). Henk said in an email to me: I wonder if I can ask you to do a little experiment ... -- install https://checker.apache.org/META/uima.html as dist/uima/META -- create dist/uima/META.asc with your key "cc762ffdcd04cfd6" It would enable checker.apache.org to show, for ever uima artifact, a proof that the artifact is authentic. See for example : https://checker.apache.org/sums/5d71c0133401aeb48b6e492c7650d3b3f57b18ee.html Hope to hear from you ; any feedback is appreciated. Thanks ; regards, Henk Penning I have done this to aid in his "experiment". The file uima.html and its .asc are being kept in the uima-website project, in the directory META. The uima-website project HOWTO file is updated with a bit of info about this, as well. -Marshall
