Refresh download page #78
Conversation
|
Now looks as
|
slawekjaranowski
force-pushed
the
download
branch
from
28b02dc to
103fe7d
Compare
|
Next proposition:
Inspired by ASF download template: https://www.apache.org/dyn/closer.lua |
|
Still not convinced TBH ;-). Integrity is usually checked by Maven Resolver, only authenticity needs to be verified manually. |
I agree here. There is a clear distinction between checksum and a signature. |
|
It is download page where we put link to source release of project from ASF distribution area - it is not binary version of plugin which is downloaded by Maven. Users download it manually and we give instruction how to verify it. |
If so, we should require to the check the signature only, not the checksum since sig check will include checksum. |
|
There is linked ASF instruction https://www.apache.org/info/verification.html - which describe both methods |
|
Me and @cstamas have expressed many times that this ASF page requires a cleanup because it mixes hashes and checksums throughout. It starts with hashes, then talks about checksums. |
|
This statement is wrong: |
|
ok, my goal was a refresh a little download page, remove broken links to mirrors changing ASF release policy and related documents are out of scope for this PR 😄 |
michael-o
left a comment
michael-o
left a comment
There was a problem hiding this comment.
Last nit and then we can merge
I know and I appreciate that. It is a different discussion which has been bugigng me for quite some time. |
slawekjaranowski
force-pushed
the
download
branch
from
103fe7d to
b99d056
Compare
4 participants
Following this checklist to help us incorporate your
contribution quickly and easily:
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without
pulling in other changes.
[MEAR-XXX] - Fixes bug in ApproximateQuantiles,where you replace
MEAR-XXXwith the appropriate JIRA issue. Best practiceis to use the JIRA issue title in the pull request title and in the first line of the
commit message.
mvn clean verifyto make sure basic checks pass. A more thorough check willbe performed on your pull request automatically.
mvn -Prun-its clean verify).If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.
To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.
I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004
In any other case, please file an Apache Individual Contributor License Agreement.