[jira] [Closed] (GROOVY-9458) Missing sigs and hashes on download page

Paul King (Jira) Sat, 11 Apr 2020 13:32:45 -0700


     [ 
https://issues.apache.org/jira/browse/GROOVY-9458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Paul King closed GROOVY-9458.
-----------------------------
      Assignee: Paul King
    Resolution: Fixed

I changed the link to not reference the .msi directly and make it clearer that 
this is simply an external link.

> Missing sigs and hashes on download page
> ----------------------------------------
>
>                 Key: GROOVY-9458
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9458
>             Project: Groovy
>          Issue Type: Bug
>            Reporter: Sebb
>            Assignee: Paul King
>            Priority: Major
>
> The public download page includes links to several Windows installer 
> executables.
> These have neither signatures nor hashes.
> However as per [1] 
> "All supplied packages MUST be cryptographically signed by the Release 
> Manager with a detached signature"
> And as per [2]
> "For every artifact distributed to the public through Apache channels, the 
> PMC ... MUST supply at least one checksum file"
> Please either remove the links or provide the required sigs and hashes.
> Thanks.
> [1] http://www.apache.org/legal/release-policy.html#release-signing 
> [2] https://www.apache.org/dev/release-distribution#sigs-and-sums



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Closed] (GROOVY-9458) Missing sigs and hashes on download page

Reply via email to