[
https://issues.apache.org/jira/browse/GROOVY-9458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17081545#comment-17081545
]
Paul King edited comment on GROOVY-9458 at 4/11/20, 8:33 PM:
-------------------------------------------------------------
I changed the link to not reference the .msi directly and make it clearer that
this is simply an external link. Feedback from branding:
{quote}Subject: Re: Clarification on third-party links on download page
To: Paul King <[email protected]>
Cc: [email protected]
From: Mark Thomas <[email protected]>
Date: Sat, 11 Apr 2020 19:23:20 +0100
Wearing my VP, Brand Management hat:
This looks fine to me.
Mark
{quote}
was (Author: paulk):
I changed the link to not reference the .msi directly and make it clearer that
this is simply an external link.
> Missing sigs and hashes on download page
> ----------------------------------------
>
> Key: GROOVY-9458
> URL: https://issues.apache.org/jira/browse/GROOVY-9458
> Project: Groovy
> Issue Type: Bug
> Reporter: Sebb
> Assignee: Paul King
> Priority: Major
>
> The public download page includes links to several Windows installer
> executables.
> These have neither signatures nor hashes.
> However as per [1]
> "All supplied packages MUST be cryptographically signed by the Release
> Manager with a detached signature"
> And as per [2]
> "For every artifact distributed to the public through Apache channels, the
> PMC ... MUST supply at least one checksum file"
> Please either remove the links or provide the required sigs and hashes.
> Thanks.
> [1] http://www.apache.org/legal/release-policy.html#release-signing
> [2] https://www.apache.org/dev/release-distribution#sigs-and-sums
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
