Re: 10.0.0-M4 missing PGP signatures?
чт, 23 апр. 2020 г. в 21:18, Mark Thomas : > > On 23/04/2020 18:42, Tianon Gravi wrote: > > Hi! > > > > I'm downloading 10.0.0-M4 from the download page[1] and was hoping to > > be able to use PGP to verify the artifacts (as in other versions), and > > it seems the link from that page[2] is a 404? > > > > [1]: https://tomcat.apache.org/download-10.cgi > > [2]: > > https://downloads.apache.org/tomcat/tomcat-10/v10.0.0-M4/bin/apache-tomcat-10.0.0-M4.tar.gz.asc > > > > I've checked a couple other download mirrors and archive.apache.org, > > and it appears that M3 *did* include a signature file for > > "apache-tomcat-10.0.0-M3.tar.gz" (but interestingly, M1 did not > > include one for "apache-tomcat-10.0.0-M1.tar.gz") so perhaps this is > > just a pipeline hiccup / minor oversight? > > Thanks for the heads up. > > That part of the release process is fully automated and it includes > signature generation. > > There have been a couple of glitches lately. I'm not sure what is going > on. I'll try and watch the console for the next set of builds more > carefully. > > I still have the original build outputs locally so I'll generate any > missing signatures and get them uploaded. The *.tar.gz and *.zip files are also published to the Maven repository (as the org.apache.tomcat:tomcat artifact), and they have the signatures. I have a copy of Maven staging repository from the time of release vote. So I verified that those signatures match the files in the release and uploaded them to dist.a.o. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 10.0.0-M4 missing PGP signatures?
On 23/04/2020 18:42, Tianon Gravi wrote: > Hi! > > I'm downloading 10.0.0-M4 from the download page[1] and was hoping to > be able to use PGP to verify the artifacts (as in other versions), and > it seems the link from that page[2] is a 404? > > [1]: https://tomcat.apache.org/download-10.cgi > [2]: > https://downloads.apache.org/tomcat/tomcat-10/v10.0.0-M4/bin/apache-tomcat-10.0.0-M4.tar.gz.asc > > I've checked a couple other download mirrors and archive.apache.org, > and it appears that M3 *did* include a signature file for > "apache-tomcat-10.0.0-M3.tar.gz" (but interestingly, M1 did not > include one for "apache-tomcat-10.0.0-M1.tar.gz") so perhaps this is > just a pipeline hiccup / minor oversight? Thanks for the heads up. That part of the release process is fully automated and it includes signature generation. There have been a couple of glitches lately. I'm not sure what is going on. I'll try and watch the console for the next set of builds more carefully. I still have the original build outputs locally so I'll generate any missing signatures and get them uploaded. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
10.0.0-M4 missing PGP signatures?
Hi! I'm downloading 10.0.0-M4 from the download page[1] and was hoping to be able to use PGP to verify the artifacts (as in other versions), and it seems the link from that page[2] is a 404? [1]: https://tomcat.apache.org/download-10.cgi [2]: https://downloads.apache.org/tomcat/tomcat-10/v10.0.0-M4/bin/apache-tomcat-10.0.0-M4.tar.gz.asc I've checked a couple other download mirrors and archive.apache.org, and it appears that M3 *did* include a signature file for "apache-tomcat-10.0.0-M3.tar.gz" (but interestingly, M1 did not include one for "apache-tomcat-10.0.0-M1.tar.gz") so perhaps this is just a pipeline hiccup / minor oversight? Thanks for your work on Tomcat! ♥, - Tianon 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org