commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benedikt Ritter <brit...@apache.org>
Subject Re: [site][build-plugin] Keys link link on download page
Date Fri, 02 Jan 2015 09:04:49 GMT
Hello Bernd,

2014-12-31 19:00 GMT+01:00 Bernd Eckenfels <ecki@zusammenkunft.net>:

> Hello Benedikt,
>
> I have pushed an updated download page text (a bit shorter than your
> proposal).
>
> I also made changes to CONTRIBUTING/README.md goals which will work for
> VFS (more or less, some manual work is required for javadoc url and
> download url). But the change uses an ugly hack thats why I havent
> commited it yet, you find the patch here:
>
> https://issues.apache.org/jira/browse/COMMONSSITE-81
>
> (can you especially confirm that changing the pom
> (commons.componentid) of the plugin project is fine).
>

I'll try to have a look today or tomorrow.

Benedikt


>
> Gruss
> Bernd
>
>  Am Wed, 31 Dec 2014 15:59:19 +0100
> schrieb Benedikt Ritter <britter@apache.org>:
>
> > Hey Bernd,
> >
> > note that the readme and contributing goals still don't really work
> > for multi module projects. But I think that can be fixed in the next
> > release if anybody has the time?
> >
> > Benedikt
> >
> > 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <ecki@zusammenkunft.net>:
> >
> > > Hello sebb,
> > >
> > > ok I can amend my changes to add this. I will wait a day to see if
> > > more issues come up.
> > >
> > > I was trying to be brief as we have the validation
> > > page explaining all, but it might be good to be a bit verbose here.
> > >
> > > Gruss
> > > Bernd
> > >
> > >
> > >  Am Mon, 29 Dec 2014 20:51:21 +0000
> > > schrieb sebb <sebbaz@gmail.com>:
> > >
> > > > On 29 December 2014 at 20:13, Bernd Eckenfels
> > > > <ecki@zusammenkunft.net> wrote:
> > > > > Am Mon, 29 Dec 2014 20:01:29 +0000
> > > > > schrieb sebb <sebbaz@gmail.com>:
> > > > >
> > > > >> On 29 December 2014 at 19:48, Bernd Eckenfels
> > > > >> <ecki@zusammenkunft.net> wrote:
> > > > >> > The download page of apache commons reads like there is
> > > > >> > supposed to be a KEYS column in the table. But it is now
a
> > > > >> > general link, so I would apply the following changes, if
you
> > > > >> > agree:
> > > > >>
> > > > >> I think the reference to the KEYS file needs to come before the
> > > > >> hashes. We want to encourage sig checking as the primary way
to
> > > > >> check downloads.
> > > > >>
> > > > >> But I agree that the text needs some TLC.
> > > > >
> > > > > Cool, how is this:
> > > > >
> > > > >       <p>
> > > > >         Please <a
> > > > > href="http://www.apache.org/info/verification.html">verify the
> > > > > integrity</a> of downloaded files against the public code
> > > > > signing <a
> > > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
used by
> > > > > the Apache Commons developers. </p> <p>
> > > > >         The <code>pgp</code> link downloads the OpenPGP
> > > > > compatible signature from our main site. The <code>md5</code>
> > > > > link downloads the checksum from the main site. </p>
> > > > >
> > > >
> > > > Better, but the verification is not actually against the KEYS
> > > > file. How about:
> > > >
> > > >       <p>
> > > >         It is essential that you <a
> > > > href="http://www.apache.org/info/verification.html">verify the
> > > > integrity</a>
> > > >         of downloaded files, preferabley using the
> > > > <code>PGP</code> signature; failing that using the
> > > > <code>MD5</code> hash. <p>
> > > >       </p>
> > > >         The <a
> > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> file
> > > > contains the public keys used by Apache Commons developers to
> > > > sign releases. It is used in conjunction with the
> > > > <code>PGP</code> signature for the download
> > > >       </p>
> > > >       <p>
> > > >         The <code>PGP</code> link downloads the OpenPGP compatible
> > > > signature from our main site.
> > > >         The <code>MD5</code> link downloads the checksum from
our
> > > > main site. </p>
> > > >
> > > >
> > > > I'm sure this could be improved further.
> > > >
> > > > The generated links should probably also upcased to PGP and MD5 so
> > > > they stand out better.
> > > >
> > > > > Gruss
> > > > > Bernd
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > > > For additional commands, e-mail: dev-help@commons.apache.org
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > > For additional commands, e-mail: dev-help@commons.apache.org
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > For additional commands, e-mail: dev-help@commons.apache.org
> > >
> > >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message