Re: Hash files of Apache Jena releases
Temporary fixup done. Andy On 24/10/2018 21:54, Andy Seaborne wrote: I can fix up the current dist/binaries as per (1), if that's OK. As a fixup, this is not assuming it is the long term decision. For 3.8.0, the format was the format of Linux sha512sum (not the other checksums) - that includes the file name and can be verify by sha512sum --verify, and end in a newline. Maven generated chksums are just the checksum without giving the file name. This the style used in the maven artifacts and and the source-release sha512. Andy On 24/10/2018 21:07, Andy Seaborne wrote: The report is correct. When we moved to SHA512 we had to additionally create them. Then for 3.9.0, the Apache release profile did it for source-release. Doing it for source-release is the only required part in ASF release policy. We can either 1: put back the addition step to add SHA512 the binaries 2: change the download page to reference the sha1's I'm inclined to do (1) to keep the download page clean (it needs the source-release being made more prominent IMO; this binaries downloads are nowadays rather less important than the maven channel). Does anyone know of a standalone way to do "mvn dependency:copy-dependencies"? If there is such a thing, we can consider using the maven channel for non-maven usage. Andy On 24/10/2018 16:38, Lucas Werkmeister wrote: Hi! I’m not sure if this email address is the best way to report the issue (I found it when trying to “improve this page” using the link in the upper right corner), but FYI: the Apache Jena Releases page [1] links to SHA512 files for the downloads, but those files don’t actually exist; instead, according to the automatically generated index [2], there are SHA1 files. You might want to change your CGI script to link to those instead. Best regards, Lucas Werkmeister [1]: https://jena.apache.org/download/index.cgi [2]: https://www.apache.org/dist/jena/binaries/
Re: Hash files of Apache Jena releases
I can fix up the current dist/binaries as per (1), if that's OK. As a fixup, this is not assuming it is the long term decision. For 3.8.0, the format was the format of Linux sha512sum (not the other checksums) - that includes the file name and can be verify by sha512sum --verify, and end in a newline. Maven generated chksums are just the checksum without giving the file name. This the style used in the maven artifacts and and the source-release sha512. Andy On 24/10/2018 21:07, Andy Seaborne wrote: The report is correct. When we moved to SHA512 we had to additionally create them. Then for 3.9.0, the Apache release profile did it for source-release. Doing it for source-release is the only required part in ASF release policy. We can either 1: put back the addition step to add SHA512 the binaries 2: change the download page to reference the sha1's I'm inclined to do (1) to keep the download page clean (it needs the source-release being made more prominent IMO; this binaries downloads are nowadays rather less important than the maven channel). Does anyone know of a standalone way to do "mvn dependency:copy-dependencies"? If there is such a thing, we can consider using the maven channel for non-maven usage. Andy On 24/10/2018 16:38, Lucas Werkmeister wrote: Hi! I’m not sure if this email address is the best way to report the issue (I found it when trying to “improve this page” using the link in the upper right corner), but FYI: the Apache Jena Releases page [1] links to SHA512 files for the downloads, but those files don’t actually exist; instead, according to the automatically generated index [2], there are SHA1 files. You might want to change your CGI script to link to those instead. Best regards, Lucas Werkmeister [1]: https://jena.apache.org/download/index.cgi [2]: https://www.apache.org/dist/jena/binaries/
Re: Hash files of Apache Jena releases
The report is correct. When we moved to SHA512 we had to additionally create them. Then for 3.9.0, the Apache release profile did it for source-release. Doing it for source-release is the only required part in ASF release policy. We can either 1: put back the addition step to add SHA512 the binaries 2: change the download page to reference the sha1's I'm inclined to do (1) to keep the download page clean (it needs the source-release being made more prominent IMO; this binaries downloads are nowadays rather less important than the maven channel). Does anyone know of a standalone way to do "mvn dependency:copy-dependencies"? If there is such a thing, we can consider using the maven channel for non-maven usage. Andy On 24/10/2018 16:38, Lucas Werkmeister wrote: Hi! I’m not sure if this email address is the best way to report the issue (I found it when trying to “improve this page” using the link in the upper right corner), but FYI: the Apache Jena Releases page [1] links to SHA512 files for the downloads, but those files don’t actually exist; instead, according to the automatically generated index [2], there are SHA1 files. You might want to change your CGI script to link to those instead. Best regards, Lucas Werkmeister [1]: https://jena.apache.org/download/index.cgi [2]: https://www.apache.org/dist/jena/binaries/
Hash files of Apache Jena releases
Hi! I’m not sure if this email address is the best way to report the issue (I found it when trying to “improve this page” using the link in the upper right corner), but FYI: the Apache Jena Releases page [1] links to SHA512 files for the downloads, but those files don’t actually exist; instead, according to the automatically generated index [2], there are SHA1 files. You might want to change your CGI script to link to those instead. Best regards, Lucas Werkmeister [1]: https://jena.apache.org/download/index.cgi [2]: https://www.apache.org/dist/jena/binaries/
