Thanks, Flavio. I went ahead and filed the infra ticket: https://issues.apache.org/jira/browse/INFRA-9556
--Chris Nauroth On 4/29/15, 3:16 PM, "Flavio Junqueira" <[email protected]> wrote: >+1 to checking with infra. > >-Flavio > >> On 29 Apr 2015, at 23:09, Chris Nauroth <[email protected]> >>wrote: >> >> For the sake of comparison to another Apache project, here is a mirror >>of >> Hadoop: >> >> >>http://www.webhostingreviewjam.com/mirror/apache/hadoop/common/hadoop-2.7 >>.0 >> / >> >> >> The checksum information in the .mds file is mirrored, but the signature >> in the .asc file is not mirrored. For ZooKeeper on that same mirror, >>both >> the signature and the checksum are missing: >> >> >>http://www.webhostingreviewjam.com/mirror/apache/zookeeper/zookeeper-3.5. >>0- >> alpha/ >> >> >> I'm not familiar with the details of the mirroring configuration. Maybe >> it's worth filing an INFRA ticket? >> >> --Chris Nauroth >> >> >> >> >> On 4/29/15, 2:47 PM, "Flavio Junqueira" <[email protected]> >> wrote: >> >>> But is it expected that the signature files aren't propagated to the >>> mirrors? I'd think that they should be propagated too. >>> >>> -Flavio >>> >>>> On 29 Apr 2015, at 19:29, Michi Mutsuzaki <[email protected]> wrote: >>>> >>>> You can find these files here: https://www.apache.org/dist/zookeeper/ >>>> >>>> I guess these files are not mirrored for security reasons. >>>> >>>> On Wed, Apr 29, 2015 at 10:49 AM, Flavio Junqueira >>>> <[email protected]> wrote: >>>>> That's weird, we definitely generate them for the RCs, and I'm quite >>>>> sure were publishing them: >>>>> http://people.apache.org/~fpj/zookeeper-3.4.6-candidate-0/ >>>>> >>>>> I'm not sure what's going, and Pat Hunt might know about it. I'll see >>>>> if I can find out more in the meanwhile. >>>>> -Flavio >>>>> >>>>> >>>>> >>>>> On Wednesday, April 29, 2015 4:13 PM, ralph tice >>>>> <[email protected]> wrote: >>>>> >>>>> >>>>> >>>>> Hi, >>>>> >>>>> I was surprised to discover that releases haven't been published with >>>>> MD5/etc signatures since 3.3.2. >>>>> >>>>> Is this an intentional change by the project or an oversight? Is >>>>> there an >>>>> alternative method of verifying integrity of releases? >>>>> >>>>> Thanks, >>>>> >>>>> --Ralph >>>>> >>>>> >>>>> >>>>> >>> >> >
