[jira] [Commented] (HBASE-9690) HBase Mirrors are missing md5 and sha1 checksums for tarballs

Sebb (JIRA) Tue, 08 Oct 2013 14:01:55 -0700

    [ 
https://issues.apache.org/jira/browse/HBASE-9690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13789693#comment-13789693
 ]


Sebb commented on HBASE-9690:
-----------------------------

Hashes should be downloaded from the ASF mirror only; see for example 
http://httpd.apache.org/download.cgi

Note that PGP / MD5 / SHA1 all link to www.apachae.org/dist/httpd/...

> HBase Mirrors are missing md5 and sha1 checksums for tarballs
> -------------------------------------------------------------
>
>                 Key: HBASE-9690
>                 URL: https://issues.apache.org/jira/browse/HBASE-9690
>             Project: HBase
>          Issue Type: Improvement
>    Affects Versions: 0.94.12
>            Reporter: André Kelpe
>
> Currently there is no way to verify the integrity of release tarballs. Please 
> provide md5, sha1 and gpg signatures, so that users can be sure, that they 
> have the correct tarball.
> Many open source projects provide the above and hbase would benefit from that 
> as well.
> This looks like the right solution for the problem:
> http://nicoulaj.github.io/checksum-maven-plugin/examples/generating-project-artifacts-checksums.html



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (HBASE-9690) HBase Mirrors are missing md5 and sha1 checksums for tarballs

Reply via email to