osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: calcite git commit: [CALCITE-2574] Update download page to include instructions for verifying a downloaded artifact


Can you please change those URLs to use https?

> On Sep 19, 2018, at 4:37 PM, francischuang@xxxxxxxxxx wrote:
> 
> Repository: calcite
> Updated Branches:
>  refs/heads/master d262c860a -> d3b02ae2c
> 
> 
> [CALCITE-2574] Update download page to include instructions for verifying
> a downloaded artifact
> 
> 
> Project: http://git-wip-us.apache.org/repos/asf/calcite/repo
> Commit: http://git-wip-us.apache.org/repos/asf/calcite/commit/d3b02ae2
> Tree: http://git-wip-us.apache.org/repos/asf/calcite/tree/d3b02ae2
> Diff: http://git-wip-us.apache.org/repos/asf/calcite/diff/d3b02ae2
> 
> Branch: refs/heads/master
> Commit: d3b02ae2cb9dce786270d6657b8e758ce3aa55f1
> Parents: d262c86
> Author: Francis Chuang <francischuang@xxxxxxxxxx>
> Authored: Thu Sep 20 09:37:09 2018 +1000
> Committer: Francis Chuang <francischuang@xxxxxxxxxx>
> Committed: Thu Sep 20 09:37:09 2018 +1000
> 
> ----------------------------------------------------------------------
> site/downloads/index.md | 38 +++++++++++++++++++++++++++++++-------
> 1 file changed, 31 insertions(+), 7 deletions(-)
> ----------------------------------------------------------------------
> 
> 
> http://git-wip-us.apache.org/repos/asf/calcite/blob/d3b02ae2/site/downloads/index.md
> ----------------------------------------------------------------------
> diff --git a/site/downloads/index.md b/site/downloads/index.md
> index 4770e44..0d00c41 100644
> --- a/site/downloads/index.md
> +++ b/site/downloads/index.md
> @@ -70,16 +70,11 @@ Release          | Date       | Commit   | Download
> {% endcomment %}
> {% endfor %}
> 
> -Choose a source distribution in either *tar* or *zip* format,
> -and [verify](http://www.apache.org/dyn/closer.cgi#verify)
> -using the corresponding *pgp* signature (using the committer file in
> -[KEYS](http://www.apache.org/dist/calcite/KEYS)).
> -If you cannot do that, use the *digest* file
> -to check that the download has completed OK.
> +Choose a source distribution in either *tar* or *zip* format.
> 
> For fast downloads, current source distributions are hosted on mirror servers;
> older source distributions are in the
> -[archive](http://archive.apache.org/dist/calcite/)
> +[archive](http://archive.apache.org/dist/calcite/) 
> or [incubator archive](http://archive.apache.org/dist/incubator/calcite/).
> If a download from a mirror fails, retry, and the second download will likely
> succeed.
> @@ -87,6 +82,35 @@ succeed.
> For security, hash and signature files are always hosted at
> [Apache](https://www.apache.org/dist).
> 
> +# Verify the integrity of the files
> +
> +You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older
> +releases). For more information why this must be done, please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html).
> +
> +To verify the signature using GPG or PGP, please do the following:
> +
> +1. Download the release artifact and the corresponding PGP signature from the table above.
> +2. Download the [Apache Calcite KEYS](http://www.apache.org/dist/calcite/KEYS) file.
> +3. Import the KEYS file and verify the downloaded artifact using one of the following methods:
> +{% highlight shell %}
> +% gpg --import KEYS
> +% gpg --verify downloaded_file.asc downloaded_file
> +{% endhighlight %}
> +
> +or
> +
> +{% highlight shell %}
> +% pgpk -a KEYS
> +% pgpv downloaded_file.asc
> +{% endhighlight %}
> +
> +or
> +
> +{% highlight shell %}
> +% pgp -ka KEYS
> +% pgp downloaded_file.asc
> +{% endhighlight %}
> +
> # Maven artifacts
> 
> Add the following to the dependencies section of your `pom.xml` file:
>