db-derby-dev mailing list archives

From "Andrew McIntyre (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2428) Move older releases from www.apache.org/dist/ to archive.apache.org/dist
Date Fri, 09 Mar 2007 18:31:09 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12479678

Andrew McIntyre commented on DERBY-2428:

Whoops, somehow submitted that incomplete.

The release signing policy here:


says to create MD5s, but a quick look at the mirrors shows that the MD5 checksums are not
mirrored. I believe this was due to security reasons - one should not trust MD5s stored on
a remote machine, since cracks in the MD5 algorithm were known. MD5s that were stored on Apache
hardware could be considered trusted, because the Apache hardware can be considered to be
secure and the MD5s stored there as authoritative.

As for the archives? I'm not sure if copying the MD5s over is the right thing to do. Seems
like it to me, but if so, then perhaps the archival mechanism should be fixed to retain the
MD5s as well.

> Move older releases from www.apache.org/dist/ to archive.apache.org/dist
> ------------------------------------------------------------------------
>                 Key: DERBY-2428
>                 URL: https://issues.apache.org/jira/browse/DERBY-2428
>             Project: Derby
>          Issue Type: Task
>          Components: Web Site
>    Affects Versions:,,
>            Reporter: Jean T. Anderson
>         Attachments: release-
> Derby releases are consuming much space on the Apache mirrors. It's time to update the older download pages to point to the archives, then remove them from www.apache.org/dist/

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
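
An added illustration, not part of the original message or of any Apache tooling, of the trust point raised in the comment above: a checksum fetched from the same mirror as the artifact passes even when both were replaced together, while a checksum obtained from the authoritative host exposes the change. All names and byte strings are constructed, and MD5 is used only because it is the checksum under discussion.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def parse_md5_file(text: str) -> str:
    """Return the digest from a checksum file whose first field is the hex MD5
    (bare digest or 'digest  filename'). Anything else is rejected."""
    fields = text.split()
    token = fields[0].lower() if fields else ""
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("not an MD5 checksum file")
    return token


def verify(artifact: bytes, md5_file_text: str) -> bool:
    expected = parse_md5_file(md5_file_text)
    return hmac.compare_digest(md5_hex(artifact), expected)


def check_download(mirror: dict, origin_md5_text: str) -> dict:
    """Verify a mirror's artifact against the mirror's own checksum file
    and against the checksum file held on the authoritative host."""
    artifact = mirror["artifact"]
    return {
        "mirror_checksum_ok": verify(artifact, mirror["md5"]),
        "origin_checksum_ok": verify(artifact, origin_md5_text),
    }


# Constructed sample data (hypothetical file name and contents).
RELEASE = b"constructed release archive bytes"
MODIFIED = RELEASE + b" plus an unauthorized change"
NAME = "example-release.tar.gz"

ORIGIN_MD5 = f"{md5_hex(RELEASE)}  {NAME}\n"           # held on the trusted host
HONEST_MIRROR = {"artifact": RELEASE, "md5": ORIGIN_MD5}
ALTERED_MIRROR = {                                      # artifact and checksum swapped together
    "artifact": MODIFIED,
    "md5": f"{md5_hex(MODIFIED)}  {NAME}\n",
}

if __name__ == "__main__":
    print("honest mirror :", check_download(HONEST_MIRROR, ORIGIN_MD5))
    print("altered mirror:", check_download(ALTERED_MIRROR, ORIGIN_MD5))
```
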
