You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Bernd Eckenfels <ec...@zusammenkunft.net> on 2014/12/29 20:48:33 UTC
[site][build-plugin] Keys link link on download page
The download page of apache commons reads like there is supposed to be
a KEYS column in the table. But it is now a general link, so I would
apply the following changes, if you agree:
===================================================================
--- src/main/resources/commons-xdoc-templates/download-page-head.xml
(Revision 1648413) +++
src/main/resources/commons-xdoc-templates/download-page-head.xml
(Arbeitskopie) @@ -88,12 +88,12 @@ </form>
<p>
- The <a href="https://www.apache.org/dist/commons/KEYS">KEYS</a>
- link links to the code signing keys used to sign the product.
The <code>PGP</code> link downloads the OpenPGP compatible
signature from our main site. The <code>MD5</code> link
downloads the checksum from the main site. Please <a
href="http://www.apache.org/info/verification.html">verify the
integrity</a>
- of the downloaded file.
+ of the downloaded file against the public code signing
+ <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
+ used by the Apache Commons developers.
</p>
</subsection>
</section>
(also in src/site/xdoc/download_commons-build-plugin.xml)
This is partially based on the wording of the apache maven download
site.
Gruss
Bernd
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Am Mon, 29 Dec 2014 20:01:29 +0000
schrieb sebb <se...@gmail.com>:
> On 29 December 2014 at 19:48, Bernd Eckenfels
> <ec...@zusammenkunft.net> wrote:
> > The download page of apache commons reads like there is supposed to
> > be a KEYS column in the table. But it is now a general link, so I
> > would apply the following changes, if you agree:
>
> I think the reference to the KEYS file needs to come before the
> hashes. We want to encourage sig checking as the primary way to check
> downloads.
I have commited the changes and also added it to the changes.xml.
I added the README.md/CONTRIBUTING.md goals as well to the pending
release changes. Any more changes which should be added?
While doing so I noticed there are multiple mentions of "Ant" on the
site. Is that correct? What is a "Maven Ant Plugin"?
Gruss
Bernd
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by Benedikt Ritter <br...@apache.org>.
Hello Bernd
2015-01-02 10:04 GMT+01:00 Benedikt Ritter <br...@apache.org>:
> Hello Bernd,
>
> 2014-12-31 19:00 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
>
>> Hello Benedikt,
>>
>> I have pushed an updated download page text (a bit shorter than your
>> proposal).
>>
>> I also made changes to CONTRIBUTING/README.md goals which will work for
>> VFS (more or less, some manual work is required for javadoc url and
>> download url). But the change uses an ugly hack thats why I havent
>> commited it yet, you find the patch here:
>>
>> https://issues.apache.org/jira/browse/COMMONSSITE-81
>>
>> (can you especially confirm that changing the pom
>> (commons.componentid) of the plugin project is fine).
>>
>
> I'll try to have a look today or tomorrow.
>
I've committed your patch. If it now works for vfs, thats fine. However I
just realized that it doesn't work for lang anymore, since it will generate
for example:
https://commons.apache.org/proper/commons-lang3/download_lang3.cgi
but the correct URL is
https://commons.apache.org/proper/commons-lang/download_lang.cgi
I think we can not make this work for all components without making them
more alike. There will be a bit manual adjusting of the files involved
(just like when you create the RELEASE-NOTES.txt for a new release).
Benedikt
>
> Benedikt
>
>
>>
>> Gruss
>> Bernd
>>
>> Am Wed, 31 Dec 2014 15:59:19 +0100
>> schrieb Benedikt Ritter <br...@apache.org>:
>>
>> > Hey Bernd,
>> >
>> > note that the readme and contributing goals still don't really work
>> > for multi module projects. But I think that can be fixed in the next
>> > release if anybody has the time?
>> >
>> > Benedikt
>> >
>> > 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
>> >
>> > > Hello sebb,
>> > >
>> > > ok I can amend my changes to add this. I will wait a day to see if
>> > > more issues come up.
>> > >
>> > > I was trying to be brief as we have the validation
>> > > page explaining all, but it might be good to be a bit verbose here.
>> > >
>> > > Gruss
>> > > Bernd
>> > >
>> > >
>> > > Am Mon, 29 Dec 2014 20:51:21 +0000
>> > > schrieb sebb <se...@gmail.com>:
>> > >
>> > > > On 29 December 2014 at 20:13, Bernd Eckenfels
>> > > > <ec...@zusammenkunft.net> wrote:
>> > > > > Am Mon, 29 Dec 2014 20:01:29 +0000
>> > > > > schrieb sebb <se...@gmail.com>:
>> > > > >
>> > > > >> On 29 December 2014 at 19:48, Bernd Eckenfels
>> > > > >> <ec...@zusammenkunft.net> wrote:
>> > > > >> > The download page of apache commons reads like there is
>> > > > >> > supposed to be a KEYS column in the table. But it is now a
>> > > > >> > general link, so I would apply the following changes, if you
>> > > > >> > agree:
>> > > > >>
>> > > > >> I think the reference to the KEYS file needs to come before the
>> > > > >> hashes. We want to encourage sig checking as the primary way to
>> > > > >> check downloads.
>> > > > >>
>> > > > >> But I agree that the text needs some TLC.
>> > > > >
>> > > > > Cool, how is this:
>> > > > >
>> > > > > <p>
>> > > > > Please <a
>> > > > > href="http://www.apache.org/info/verification.html">verify the
>> > > > > integrity</a> of downloaded files against the public code
>> > > > > signing <a
>> > > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> used by
>> > > > > the Apache Commons developers. </p> <p>
>> > > > > The <code>pgp</code> link downloads the OpenPGP
>> > > > > compatible signature from our main site. The <code>md5</code>
>> > > > > link downloads the checksum from the main site. </p>
>> > > > >
>> > > >
>> > > > Better, but the verification is not actually against the KEYS
>> > > > file. How about:
>> > > >
>> > > > <p>
>> > > > It is essential that you <a
>> > > > href="http://www.apache.org/info/verification.html">verify the
>> > > > integrity</a>
>> > > > of downloaded files, preferabley using the
>> > > > <code>PGP</code> signature; failing that using the
>> > > > <code>MD5</code> hash. <p>
>> > > > </p>
>> > > > The <a
>> > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> file
>> > > > contains the public keys used by Apache Commons developers to
>> > > > sign releases. It is used in conjunction with the
>> > > > <code>PGP</code> signature for the download
>> > > > </p>
>> > > > <p>
>> > > > The <code>PGP</code> link downloads the OpenPGP compatible
>> > > > signature from our main site.
>> > > > The <code>MD5</code> link downloads the checksum from our
>> > > > main site. </p>
>> > > >
>> > > >
>> > > > I'm sure this could be improved further.
>> > > >
>> > > > The generated links should probably also upcased to PGP and MD5 so
>> > > > they stand out better.
>> > > >
>> > > > > Gruss
>> > > > > Bernd
>> > > > >
>> > > > >
>> ---------------------------------------------------------------------
>> > > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> > > > > For additional commands, e-mail: dev-help@commons.apache.org
>> > > > >
>> > > >
>> > > >
>> ---------------------------------------------------------------------
>> > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> > > > For additional commands, e-mail: dev-help@commons.apache.org
>> > > >
>> > >
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> > > For additional commands, e-mail: dev-help@commons.apache.org
>> > >
>> > >
>> >
>> >
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
>>
>
>
> --
> http://people.apache.org/~britter/
> http://www.systemoutprintln.de/
> http://twitter.com/BenediktRitter
> http://github.com/britter
>
--
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter
Re: [site][build-plugin] Keys link link on download page
Posted by Benedikt Ritter <br...@apache.org>.
Hello Bernd,
2014-12-31 19:00 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
> Hello Benedikt,
>
> I have pushed an updated download page text (a bit shorter than your
> proposal).
>
> I also made changes to CONTRIBUTING/README.md goals which will work for
> VFS (more or less, some manual work is required for javadoc url and
> download url). But the change uses an ugly hack thats why I havent
> commited it yet, you find the patch here:
>
> https://issues.apache.org/jira/browse/COMMONSSITE-81
>
> (can you especially confirm that changing the pom
> (commons.componentid) of the plugin project is fine).
>
I'll try to have a look today or tomorrow.
Benedikt
>
> Gruss
> Bernd
>
> Am Wed, 31 Dec 2014 15:59:19 +0100
> schrieb Benedikt Ritter <br...@apache.org>:
>
> > Hey Bernd,
> >
> > note that the readme and contributing goals still don't really work
> > for multi module projects. But I think that can be fixed in the next
> > release if anybody has the time?
> >
> > Benedikt
> >
> > 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
> >
> > > Hello sebb,
> > >
> > > ok I can amend my changes to add this. I will wait a day to see if
> > > more issues come up.
> > >
> > > I was trying to be brief as we have the validation
> > > page explaining all, but it might be good to be a bit verbose here.
> > >
> > > Gruss
> > > Bernd
> > >
> > >
> > > Am Mon, 29 Dec 2014 20:51:21 +0000
> > > schrieb sebb <se...@gmail.com>:
> > >
> > > > On 29 December 2014 at 20:13, Bernd Eckenfels
> > > > <ec...@zusammenkunft.net> wrote:
> > > > > Am Mon, 29 Dec 2014 20:01:29 +0000
> > > > > schrieb sebb <se...@gmail.com>:
> > > > >
> > > > >> On 29 December 2014 at 19:48, Bernd Eckenfels
> > > > >> <ec...@zusammenkunft.net> wrote:
> > > > >> > The download page of apache commons reads like there is
> > > > >> > supposed to be a KEYS column in the table. But it is now a
> > > > >> > general link, so I would apply the following changes, if you
> > > > >> > agree:
> > > > >>
> > > > >> I think the reference to the KEYS file needs to come before the
> > > > >> hashes. We want to encourage sig checking as the primary way to
> > > > >> check downloads.
> > > > >>
> > > > >> But I agree that the text needs some TLC.
> > > > >
> > > > > Cool, how is this:
> > > > >
> > > > > <p>
> > > > > Please <a
> > > > > href="http://www.apache.org/info/verification.html">verify the
> > > > > integrity</a> of downloaded files against the public code
> > > > > signing <a
> > > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> used by
> > > > > the Apache Commons developers. </p> <p>
> > > > > The <code>pgp</code> link downloads the OpenPGP
> > > > > compatible signature from our main site. The <code>md5</code>
> > > > > link downloads the checksum from the main site. </p>
> > > > >
> > > >
> > > > Better, but the verification is not actually against the KEYS
> > > > file. How about:
> > > >
> > > > <p>
> > > > It is essential that you <a
> > > > href="http://www.apache.org/info/verification.html">verify the
> > > > integrity</a>
> > > > of downloaded files, preferabley using the
> > > > <code>PGP</code> signature; failing that using the
> > > > <code>MD5</code> hash. <p>
> > > > </p>
> > > > The <a
> > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> file
> > > > contains the public keys used by Apache Commons developers to
> > > > sign releases. It is used in conjunction with the
> > > > <code>PGP</code> signature for the download
> > > > </p>
> > > > <p>
> > > > The <code>PGP</code> link downloads the OpenPGP compatible
> > > > signature from our main site.
> > > > The <code>MD5</code> link downloads the checksum from our
> > > > main site. </p>
> > > >
> > > >
> > > > I'm sure this could be improved further.
> > > >
> > > > The generated links should probably also upcased to PGP and MD5 so
> > > > they stand out better.
> > > >
> > > > > Gruss
> > > > > Bernd
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > > > For additional commands, e-mail: dev-help@commons.apache.org
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > > For additional commands, e-mail: dev-help@commons.apache.org
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > For additional commands, e-mail: dev-help@commons.apache.org
> > >
> > >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>
--
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter
Re: [site][build-plugin] Keys link link on download page
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Hello Benedikt,
I have pushed an updated download page text (a bit shorter than your
proposal).
I also made changes to CONTRIBUTING/README.md goals which will work for
VFS (more or less, some manual work is required for javadoc url and
download url). But the change uses an ugly hack thats why I havent
commited it yet, you find the patch here:
https://issues.apache.org/jira/browse/COMMONSSITE-81
(can you especially confirm that changing the pom
(commons.componentid) of the plugin project is fine).
Gruss
Bernd
Am Wed, 31 Dec 2014 15:59:19 +0100
schrieb Benedikt Ritter <br...@apache.org>:
> Hey Bernd,
>
> note that the readme and contributing goals still don't really work
> for multi module projects. But I think that can be fixed in the next
> release if anybody has the time?
>
> Benedikt
>
> 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
>
> > Hello sebb,
> >
> > ok I can amend my changes to add this. I will wait a day to see if
> > more issues come up.
> >
> > I was trying to be brief as we have the validation
> > page explaining all, but it might be good to be a bit verbose here.
> >
> > Gruss
> > Bernd
> >
> >
> > Am Mon, 29 Dec 2014 20:51:21 +0000
> > schrieb sebb <se...@gmail.com>:
> >
> > > On 29 December 2014 at 20:13, Bernd Eckenfels
> > > <ec...@zusammenkunft.net> wrote:
> > > > Am Mon, 29 Dec 2014 20:01:29 +0000
> > > > schrieb sebb <se...@gmail.com>:
> > > >
> > > >> On 29 December 2014 at 19:48, Bernd Eckenfels
> > > >> <ec...@zusammenkunft.net> wrote:
> > > >> > The download page of apache commons reads like there is
> > > >> > supposed to be a KEYS column in the table. But it is now a
> > > >> > general link, so I would apply the following changes, if you
> > > >> > agree:
> > > >>
> > > >> I think the reference to the KEYS file needs to come before the
> > > >> hashes. We want to encourage sig checking as the primary way to
> > > >> check downloads.
> > > >>
> > > >> But I agree that the text needs some TLC.
> > > >
> > > > Cool, how is this:
> > > >
> > > > <p>
> > > > Please <a
> > > > href="http://www.apache.org/info/verification.html">verify the
> > > > integrity</a> of downloaded files against the public code
> > > > signing <a
> > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> used by
> > > > the Apache Commons developers. </p> <p>
> > > > The <code>pgp</code> link downloads the OpenPGP
> > > > compatible signature from our main site. The <code>md5</code>
> > > > link downloads the checksum from the main site. </p>
> > > >
> > >
> > > Better, but the verification is not actually against the KEYS
> > > file. How about:
> > >
> > > <p>
> > > It is essential that you <a
> > > href="http://www.apache.org/info/verification.html">verify the
> > > integrity</a>
> > > of downloaded files, preferabley using the
> > > <code>PGP</code> signature; failing that using the
> > > <code>MD5</code> hash. <p>
> > > </p>
> > > The <a
> > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> file
> > > contains the public keys used by Apache Commons developers to
> > > sign releases. It is used in conjunction with the
> > > <code>PGP</code> signature for the download
> > > </p>
> > > <p>
> > > The <code>PGP</code> link downloads the OpenPGP compatible
> > > signature from our main site.
> > > The <code>MD5</code> link downloads the checksum from our
> > > main site. </p>
> > >
> > >
> > > I'm sure this could be improved further.
> > >
> > > The generated links should probably also upcased to PGP and MD5 so
> > > they stand out better.
> > >
> > > > Gruss
> > > > Bernd
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > > For additional commands, e-mail: dev-help@commons.apache.org
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > For additional commands, e-mail: dev-help@commons.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
> >
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Hello,
Am Wed, 31 Dec 2014 15:59:19 +0100
schrieb Benedikt Ritter <br...@apache.org>:
> note that the readme and contributing goals still don't really work
> for multi module projects. But I think that can be fixed in the next
> release if anybody has the time?
I have actually used them for VFS. I did some minor fixes manually and
I did not commit the files in the modules subdirs, but besides that it
already saved me lots of work.
(see diff at end)
I do want to look into it, but I am not that familiar with the whole
templating/maven part. But I think it is enough to generate the
base-urls with
https://commons.apache.org/proper/commons-${commons.componentid}
instead of artifactID.
Gruss
Bernd
List of changes I had to make for VFS to make the generated README.md
and CONTRIBUTING.md work:
--- README.md (Revision 1648039)
+++ README.md (Arbeitskopie)
@@ -48,13 +48,13 @@
Documentation
-------------
-More information can be found on the
[homepage](http://commons.apache.org/proper/commons-vfs).
-The
[JavaDoc](http://commons.apache.org/proper/commons-vfs/apidocs/index.html) can be browsed.
+More information can be found on the
[homepage](http://commons.apache.org/proper/commons-vfs2-project).
+The
[JavaDoc](http://commons.apache.org/proper/commons-vfs2-project/javadocs/api-release) can be browsed.
Questions related to the usage of Apache Commons VFS should be posted
to the [user mailing list][ml].
Where can I get the latest release?
-----------------------------------
-You can download source and binaries from our [download
page](http://commons.apache.org/proper/commons-vfs/download.html).
+You can download source and binaries from our [download
page](http://commons.apache.org/proper/commons-vfs2-project/download_vfs.cgi).
Alternatively you can pull it from the central Maven repositories:
@@ -61,7 +61,7 @@
```xml
<dependency>
<groupId>org.apache.commons</groupId>
- <artifactId>commons-vfs2</artifactId>
+ <artifactId>commons-vfs2-project</artifactId>
<version>2.0</version>
</dependency>
```
@@ -77,7 +77,7 @@
If you plan to contribute on a regular basis, please consider filing a
[contributor license agreement](http://www.apache.org/licenses/#clas).
-You can learn more about contributing via GitHub in our [contribution
guidelines](https://github.com/apache/commons-vfs/blob/trunk/CONTRIBUTING.md).
+You can learn more about contributing via GitHub in our [contribution
guidelines](https://github.com/apache/commons-vfs2-project/blob/trunk/CONTRIBUTING.md).
License
-------
@@ -95,4 +95,4 @@
+ [Apache Commons Twitter Account](https://twitter.com/ApacheCommons)
+ #apachecommons IRC channel on freenode.org
-[ml]:http://commons.apache.org/proper/commons-vfs/mail-lists.html
+[ml]:http://commons.apache.org/proper/commons-vfs2-project/mail-lists.html
--- CONTRIBUTING.md (Revision 1648039)
+++ CONTRIBUTING.md (Arbeitskopie)
@@ -50,7 +50,7 @@
+ Make sure you have a [JIRA account](https://issues.apache.org/jira/).
+ Make sure you have a [GitHub
account](https://github.com/signup/free).
-+ If you're planning to implement a new feature it makes sense to
discuss you're changes on the [dev list](http://commons.apache.org/proper/commons-vfs/mail-lists.html) first. This way you can make sure you're not wasting your time on something that isn't considered to be in Apache Commons VFS's scope.
++ If you're planning to implement a new feature it makes sense to
discuss you're changes on the [dev
list](http://commons.apache.org/proper/commons-vfs2-project/mail-lists.html)
first. This way you can make sure you're not wasting your time on
something that isn't considered to be in Apache Commons VFS's scope.
+ Submit a ticket for your issue, assuming one does not already exist.
+ Clearly describe the issue including steps to reproduce when it is
a bug.
+ Make sure you fill in the earliest version that you know has the
issue.
> 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
>
> > Hello sebb,
> >
> > ok I can amend my changes to add this. I will wait a day to see if
> > more issues come up.
> >
> > I was trying to be brief as we have the validation
> > page explaining all, but it might be good to be a bit verbose here.
> >
> > Gruss
> > Bernd
> >
> >
> > Am Mon, 29 Dec 2014 20:51:21 +0000
> > schrieb sebb <se...@gmail.com>:
> >
> > > On 29 December 2014 at 20:13, Bernd Eckenfels
> > > <ec...@zusammenkunft.net> wrote:
> > > > Am Mon, 29 Dec 2014 20:01:29 +0000
> > > > schrieb sebb <se...@gmail.com>:
> > > >
> > > >> On 29 December 2014 at 19:48, Bernd Eckenfels
> > > >> <ec...@zusammenkunft.net> wrote:
> > > >> > The download page of apache commons reads like there is
> > > >> > supposed to be a KEYS column in the table. But it is now a
> > > >> > general link, so I would apply the following changes, if you
> > > >> > agree:
> > > >>
> > > >> I think the reference to the KEYS file needs to come before the
> > > >> hashes. We want to encourage sig checking as the primary way to
> > > >> check downloads.
> > > >>
> > > >> But I agree that the text needs some TLC.
> > > >
> > > > Cool, how is this:
> > > >
> > > > <p>
> > > > Please <a
> > > > href="http://www.apache.org/info/verification.html">verify the
> > > > integrity</a> of downloaded files against the public code
> > > > signing <a
> > > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> used by
> > > > the Apache Commons developers. </p> <p>
> > > > The <code>pgp</code> link downloads the OpenPGP
> > > > compatible signature from our main site. The <code>md5</code>
> > > > link downloads the checksum from the main site. </p>
> > > >
> > >
> > > Better, but the verification is not actually against the KEYS
> > > file. How about:
> > >
> > > <p>
> > > It is essential that you <a
> > > href="http://www.apache.org/info/verification.html">verify the
> > > integrity</a>
> > > of downloaded files, preferabley using the
> > > <code>PGP</code> signature; failing that using the
> > > <code>MD5</code> hash. <p>
> > > </p>
> > > The <a
> > > href="http://www.apache.org/dist/commons/KEYS">KEYS</a> file
> > > contains the public keys used by Apache Commons developers to
> > > sign releases. It is used in conjunction with the
> > > <code>PGP</code> signature for the download
> > > </p>
> > > <p>
> > > The <code>PGP</code> link downloads the OpenPGP compatible
> > > signature from our main site.
> > > The <code>MD5</code> link downloads the checksum from our
> > > main site. </p>
> > >
> > >
> > > I'm sure this could be improved further.
> > >
> > > The generated links should probably also upcased to PGP and MD5 so
> > > they stand out better.
> > >
> > > > Gruss
> > > > Bernd
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > > For additional commands, e-mail: dev-help@commons.apache.org
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > For additional commands, e-mail: dev-help@commons.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
> >
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by Benedikt Ritter <br...@apache.org>.
Hey Bernd,
note that the readme and contributing goals still don't really work for
multi module projects. But I think that can be fixed in the next release if
anybody has the time?
Benedikt
2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <ec...@zusammenkunft.net>:
> Hello sebb,
>
> ok I can amend my changes to add this. I will wait a day to see if more
> issues come up.
>
> I was trying to be brief as we have the validation
> page explaining all, but it might be good to be a bit verbose here.
>
> Gruss
> Bernd
>
>
> Am Mon, 29 Dec 2014 20:51:21 +0000
> schrieb sebb <se...@gmail.com>:
>
> > On 29 December 2014 at 20:13, Bernd Eckenfels
> > <ec...@zusammenkunft.net> wrote:
> > > Am Mon, 29 Dec 2014 20:01:29 +0000
> > > schrieb sebb <se...@gmail.com>:
> > >
> > >> On 29 December 2014 at 19:48, Bernd Eckenfels
> > >> <ec...@zusammenkunft.net> wrote:
> > >> > The download page of apache commons reads like there is supposed
> > >> > to be a KEYS column in the table. But it is now a general link,
> > >> > so I would apply the following changes, if you agree:
> > >>
> > >> I think the reference to the KEYS file needs to come before the
> > >> hashes. We want to encourage sig checking as the primary way to
> > >> check downloads.
> > >>
> > >> But I agree that the text needs some TLC.
> > >
> > > Cool, how is this:
> > >
> > > <p>
> > > Please <a
> > > href="http://www.apache.org/info/verification.html">verify the
> > > integrity</a> of downloaded files against the public code signing
> > > <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a> used by
> > > the Apache Commons developers. </p>
> > > <p>
> > > The <code>pgp</code> link downloads the OpenPGP compatible
> > > signature from our main site. The <code>md5</code> link downloads
> > > the checksum from the main site. </p>
> > >
> >
> > Better, but the verification is not actually against the KEYS file.
> > How about:
> >
> > <p>
> > It is essential that you <a
> > href="http://www.apache.org/info/verification.html">verify the
> > integrity</a>
> > of downloaded files, preferabley using the <code>PGP</code>
> > signature; failing that using the <code>MD5</code> hash.
> > <p>
> > </p>
> > The <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
> > file contains the public keys
> > used by Apache Commons developers to sign releases.
> > It is used in conjunction with the <code>PGP</code> signature
> > for the download
> > </p>
> > <p>
> > The <code>PGP</code> link downloads the OpenPGP compatible
> > signature from our main site.
> > The <code>MD5</code> link downloads the checksum from our
> > main site. </p>
> >
> >
> > I'm sure this could be improved further.
> >
> > The generated links should probably also upcased to PGP and MD5 so
> > they stand out better.
> >
> > > Gruss
> > > Bernd
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > > For additional commands, e-mail: dev-help@commons.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>
--
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter
Re: [site][build-plugin] Keys link link on download page
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Hello sebb,
ok I can amend my changes to add this. I will wait a day to see if more
issues come up.
I was trying to be brief as we have the validation
page explaining all, but it might be good to be a bit verbose here.
Gruss
Bernd
Am Mon, 29 Dec 2014 20:51:21 +0000
schrieb sebb <se...@gmail.com>:
> On 29 December 2014 at 20:13, Bernd Eckenfels
> <ec...@zusammenkunft.net> wrote:
> > Am Mon, 29 Dec 2014 20:01:29 +0000
> > schrieb sebb <se...@gmail.com>:
> >
> >> On 29 December 2014 at 19:48, Bernd Eckenfels
> >> <ec...@zusammenkunft.net> wrote:
> >> > The download page of apache commons reads like there is supposed
> >> > to be a KEYS column in the table. But it is now a general link,
> >> > so I would apply the following changes, if you agree:
> >>
> >> I think the reference to the KEYS file needs to come before the
> >> hashes. We want to encourage sig checking as the primary way to
> >> check downloads.
> >>
> >> But I agree that the text needs some TLC.
> >
> > Cool, how is this:
> >
> > <p>
> > Please <a
> > href="http://www.apache.org/info/verification.html">verify the
> > integrity</a> of downloaded files against the public code signing
> > <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a> used by
> > the Apache Commons developers. </p>
> > <p>
> > The <code>pgp</code> link downloads the OpenPGP compatible
> > signature from our main site. The <code>md5</code> link downloads
> > the checksum from the main site. </p>
> >
>
> Better, but the verification is not actually against the KEYS file.
> How about:
>
> <p>
> It is essential that you <a
> href="http://www.apache.org/info/verification.html">verify the
> integrity</a>
> of downloaded files, preferabley using the <code>PGP</code>
> signature; failing that using the <code>MD5</code> hash.
> <p>
> </p>
> The <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
> file contains the public keys
> used by Apache Commons developers to sign releases.
> It is used in conjunction with the <code>PGP</code> signature
> for the download
> </p>
> <p>
> The <code>PGP</code> link downloads the OpenPGP compatible
> signature from our main site.
> The <code>MD5</code> link downloads the checksum from our
> main site. </p>
>
>
> I'm sure this could be improved further.
>
> The generated links should probably also upcased to PGP and MD5 so
> they stand out better.
>
> > Gruss
> > Bernd
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by sebb <se...@gmail.com>.
On 29 December 2014 at 20:13, Bernd Eckenfels <ec...@zusammenkunft.net> wrote:
> Am Mon, 29 Dec 2014 20:01:29 +0000
> schrieb sebb <se...@gmail.com>:
>
>> On 29 December 2014 at 19:48, Bernd Eckenfels
>> <ec...@zusammenkunft.net> wrote:
>> > The download page of apache commons reads like there is supposed to
>> > be a KEYS column in the table. But it is now a general link, so I
>> > would apply the following changes, if you agree:
>>
>> I think the reference to the KEYS file needs to come before the
>> hashes. We want to encourage sig checking as the primary way to check
>> downloads.
>>
>> But I agree that the text needs some TLC.
>
> Cool, how is this:
>
> <p>
> Please <a href="http://www.apache.org/info/verification.html">verify the integrity</a>
> of downloaded files against the public code signing
> <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
> used by the Apache Commons developers.
> </p>
> <p>
> The <code>pgp</code> link downloads the OpenPGP compatible signature from our main site.
> The <code>md5</code> link downloads the checksum from the main site.
> </p>
>
Better, but the verification is not actually against the KEYS file.
How about:
<p>
It is essential that you <a
href="http://www.apache.org/info/verification.html">verify the
integrity</a>
of downloaded files, preferabley using the <code>PGP</code>
signature; failing that using the <code>MD5</code> hash.
<p>
</p>
The <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
file contains the public keys
used by Apache Commons developers to sign releases.
It is used in conjunction with the <code>PGP</code> signature
for the download
</p>
<p>
The <code>PGP</code> link downloads the OpenPGP compatible
signature from our main site.
The <code>MD5</code> link downloads the checksum from our main site.
</p>
I'm sure this could be improved further.
The generated links should probably also upcased to PGP and MD5 so
they stand out better.
> Gruss
> Bernd
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Am Mon, 29 Dec 2014 20:01:29 +0000
schrieb sebb <se...@gmail.com>:
> On 29 December 2014 at 19:48, Bernd Eckenfels
> <ec...@zusammenkunft.net> wrote:
> > The download page of apache commons reads like there is supposed to
> > be a KEYS column in the table. But it is now a general link, so I
> > would apply the following changes, if you agree:
>
> I think the reference to the KEYS file needs to come before the
> hashes. We want to encourage sig checking as the primary way to check
> downloads.
>
> But I agree that the text needs some TLC.
Cool, how is this:
<p>
Please <a href="http://www.apache.org/info/verification.html">verify the integrity</a>
of downloaded files against the public code signing
<a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
used by the Apache Commons developers.
</p>
<p>
The <code>pgp</code> link downloads the OpenPGP compatible signature from our main site.
The <code>md5</code> link downloads the checksum from the main site.
</p>
Gruss
Bernd
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [site][build-plugin] Keys link link on download page
Posted by sebb <se...@gmail.com>.
On 29 December 2014 at 19:48, Bernd Eckenfels <ec...@zusammenkunft.net> wrote:
> The download page of apache commons reads like there is supposed to be
> a KEYS column in the table. But it is now a general link, so I would
> apply the following changes, if you agree:
I think the reference to the KEYS file needs to come before the hashes.
We want to encourage sig checking as the primary way to check downloads.
But I agree that the text needs some TLC.
> ===================================================================
> --- src/main/resources/commons-xdoc-templates/download-page-head.xml
> (Revision 1648413) +++
> src/main/resources/commons-xdoc-templates/download-page-head.xml
> (Arbeitskopie) @@ -88,12 +88,12 @@ </form>
>
> <p>
> - The <a href="https://www.apache.org/dist/commons/KEYS">KEYS</a>
> - link links to the code signing keys used to sign the product.
> The <code>PGP</code> link downloads the OpenPGP compatible
> signature from our main site. The <code>MD5</code> link
> downloads the checksum from the main site. Please <a
> href="http://www.apache.org/info/verification.html">verify the
> integrity</a>
> - of the downloaded file.
> + of the downloaded file against the public code signing
> + <a href="http://www.apache.org/dist/commons/KEYS">KEYS</a>
> + used by the Apache Commons developers.
> </p>
> </subsection>
> </section>
>
> (also in src/site/xdoc/download_commons-build-plugin.xml)
>
> This is partially based on the wording of the apache maven download
> site.
>
> Gruss
> Bernd
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org