lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Hostetter <hossman_luc...@fucit.org>
Subject Re: ReleaseTodo steps
Date Fri, 25 Sep 2009 01:32:42 GMT

: > They are there.... just not replicated or shown in mirrors?
: > http://www.apache.org/dist/lucene/java/
: >   
: 
: Its pretty odd they don't go out to the mirrors - I mean, whats the
: point? Users can't use them to verify anything anyway if they don't have
: them. Anyone know anything about this?

It's intentional: you always want to get the hash from the authoritative 
source (and not a mirror) so you can actaully verify the checksum. 
(particularly if you don't have gpg to check the signature files).

http://tomcat.apache.org/download-connectors.cgi..
 "Alternatively, you can verify the MD5 signature (hash value) on the 
  files. Make sure you get these files from the main site, rather than 
  from a mirror. The above [MD5] links automatically retrieve the 
  signature files from the main site."




-Hoss


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org


Mime
View raw message