santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49970] Releases are not being served from the ASF mirror system
Date Wed, 22 Sep 2010 10:47:23 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49970

--- Comment #4 from coheigea <coheigea@apache.org> 2010-09-22 06:47:21 EDT ---

> This is not actually true, as the mirrors do have the current release.

I just added the distributions to www.apache.org/dist/santuario and
archive.apache.org/dist/santuario recently. The website hasn't been updated yet
to reflect this. I'm working on this at the moment.

> Also, there are no MD5 or SHA1 checksum files for the releases.
> AIUI at least one of these is also required for all ASF releases.

Previous releases of Santuario/XML-Security did not appear to create checksum
files. From what I can tell this is not a strict requirement...:

http://www.apache.org/dev/release-signing.html#motivation

>> Signatures should be ASCII armored and detached.

>>Your public key should be exported and the result appended to the appropriate >>
KEYS file(s).

>>That's all you need to know to sign a release.

All of these steps have been followed for the current distribution(s).

> I thought the checksums were created when the files were put into place the
> other day. 

No, I just copied the artifacts from the Santuario dist page across. Henk
objected to the fact that there was no KEYS file and so the signatures could
not be verified, I copied the KEYS file across to fix that.

> The directory isn't group writeable, will need to wait on the PMC chair to fix.

This is done now.

Colm.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Mime
View raw message