drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacques Nadeau <jacq...@apache.org>
Subject Re: Can't find PGP signature (.asc file) for Drill 1.0.0 download
Date Mon, 25 May 2015 00:22:45 GMT
You should be able to get them here:

https://dist.apache.org/repos/dist/release/drill/drill-1.0.0/

On Sun, May 24, 2015 at 5:12 PM, Neal McBurnett <nealmcb@gmail.com> wrote:

> Congratulations - sounds like a great milestone, and I want to get it!
>
> So I go to http://drill.apache.org/download/
>
>  and thence to
>
> http://www.apache.org/dyn/closer.cgi/drill/drill-1.0.0/apache-drill-1.0.0.tar.gz
>
> where it prominently says, under VERIFY THE INTEGRITY OF THE FILES:
>   It is essential that you verify the integrity of the downloaded file
> using the PGP signature (.asc file) or a hash (.md5 or .sha file). Please
> read Verifying Apache Software Foundation Releases for more information on
> why you should verify our releases.
>
>   The PGP signature can be verified using PGP or GPG. First download the
> KEYS as well as the asc signature file for the relevant distribution. Make
> sure you get these files from the main distribution site, rather than from
> a mirror. Then verify the signatures using
>
> That's all explained more at http://www.apache.org/info/verification.html,
> and of course I know that's true.  It comes by default when installing
> packages in most any linux distro, or on other major platforms.
>
> But I can't find any evidence of a .sig file for this release or for other
> recent releases.  Where do I get it?
>
> Thanks,
>
> Neal McBurnett                 http://neal.mcburnett.org/
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message