[
https://issues.apache.org/jira/browse/GROOVY-9846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17244342#comment-17244342
]
Paul King commented on GROOVY-9846:
-----------------------------------
With respect to latest releases. We aren't serving releases (any links related
to source releases) nor convenience binary content (any jars/zips) from the
archive server. We have users that have CI jobs that download the binary or sdk
zips (from bintray mirror) and verify that against the verification links. They
do not want their jobs to break whenever we might happen to release a new
release. They use the PERM verification links for that purpose.
With respect to older releases. We show the latest release for active branches
and the next oldest release for any branch where the windows installer
(community artifact) hasn't yet been released. We always use the archive links
for such older releases. This will typically be between 1-14 days.
> Spurious hashes and sigs for 2.4.1 on download page
> ---------------------------------------------------
>
> Key: GROOVY-9846
> URL: https://issues.apache.org/jira/browse/GROOVY-9846
> Project: Groovy
> Issue Type: Bug
> Reporter: Sebb
> Assignee: Paul King
> Priority: Major
>
> The download page
> https://groovy.apache.org/download.html
> has two sets of sigs and hashes for version 2.4.1 for all but the source
> bundle.
> These are prefixed with DIST: and PERM: but have identical links.
> Rather confusing for downloaders.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
