You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by sebb <se...@gmail.com> on 2019/03/12 08:56:22 UTC
MD5/SHA1 links - make sure they are removed in component source!
DIGESTER-191 - md5 checksum: 404 Not Found
noted that the hash download links did not work.
It transpired that many of the commons download pages still linked to
the SHA1/MD5 hashes, even if these had been replaced on the download
site.
I think I have now fixed all the links - and dropped old md5/sha1
hashes that were not needed.
I did this by editting the SVN production website files to avoid
having to regenerate all the sites.
However I have not fixed all the source files, so please check that
the correct hashes are being generated and linked when republishing.
Thanks!
S
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: MD5/SHA1 links - make sure they are removed in component
source!
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Hello,
Sebb:
>> BTW the (Imaging] Download (still) points to incubator
>Please start a new thread for a new issue, thanks!
I noticed this seems to be expected as [Imaging] does Mention it on the site. So I dont pursue this part further.
However while trying to fix some site typos I also tried to recreate the download page and I noticed something strange:
[Imaging] uses parent 47 (build-plugin 1.9), but when I run* the download-page goal it generated download_imaging with SHA1-links.
When I look into the source of the download-page:1.9 it seems to default to SHA512 and in the effective pomI dont see Commons.release.hash beeing overwritten.
How is it actually configured to use sha256 in the download-page plugin?
I even tried -Dcommons.release.hash=sha256, but that had no effect, presumeable because the Mojo does not define it as property?
Anyway, I manually fixed the xdoc with sha256 and fixed a gitbox link.
Gruss
Bernd
Re: MD5/SHA1 links - make sure they are removed in component source!
Posted by sebb <se...@gmail.com>.
On Tue, 12 Mar 2019 at 09:52, Bernd Eckenfels <ec...@zusammenkunft.net> wrote:
>
> Hello,
>
> I was only looking on the commit mailing list, found it on notify, thanks.
>
> You did not explicitely mention it, but it looks like you only had to change download pages, so my comment about removing the links anywhere else is I guess moot.
>
> BTW the (Imaging] Download (still) points to incubator, are we planning to change this?
Please start a new thread for a new issue, thanks!
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> ________________________________
> Von: sebb <se...@gmail.com>
> Gesendet: Dienstag, März 12, 2019 10:37 AM
> An: Commons Developers List
> Betreff: Re: MD5/SHA1 links - make sure they are removed in component source!
>
> On Tue, 12 Mar 2019 at 09:11, Bernd Eckenfels <ec...@zusammenkunft.net> wrote:
> >
> > Is that change done here?
> >
> > https://svn.apache.org/repos/infra/websites/production/commons/content/proper/
>
> Yes, I have a local checkout of the top two levels (only) which makes
> this very easy.
>
> > Is there a Svn Web view where we can see the commit and check out what files have been changed?
>
> The changes were all sent to the notifications@commons.apache.org list.
>
> I don't know if there is a web view.
>
> > Maybe we can also reduce the number of download links to mainly the mirror scripts?
>
> If you are talking about dropping the links to KEYS, hashes and sigs,
> they are required
> https://www.apache.org/dev/release-distribution#download-links
>
> It must be easy for downloaders to fetch these files for verification purposes.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: MD5/SHA1 links - make sure they are removed in component source!
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Hello,
I was only looking on the commit mailing list, found it on notify, thanks.
You did not explicitely mention it, but it looks like you only had to change download pages, so my comment about removing the links anywhere else is I guess moot.
BTW the (Imaging] Download (still) points to incubator, are we planning to change this?
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
Von: sebb <se...@gmail.com>
Gesendet: Dienstag, März 12, 2019 10:37 AM
An: Commons Developers List
Betreff: Re: MD5/SHA1 links - make sure they are removed in component source!
On Tue, 12 Mar 2019 at 09:11, Bernd Eckenfels <ec...@zusammenkunft.net> wrote:
>
> Is that change done here?
>
> https://svn.apache.org/repos/infra/websites/production/commons/content/proper/
Yes, I have a local checkout of the top two levels (only) which makes
this very easy.
> Is there a Svn Web view where we can see the commit and check out what files have been changed?
The changes were all sent to the notifications@commons.apache.org list.
I don't know if there is a web view.
> Maybe we can also reduce the number of download links to mainly the mirror scripts?
If you are talking about dropping the links to KEYS, hashes and sigs,
they are required
https://www.apache.org/dev/release-distribution#download-links
It must be easy for downloaders to fetch these files for verification purposes.
Re: MD5/SHA1 links - make sure they are removed in component source!
Posted by sebb <se...@gmail.com>.
On Tue, 12 Mar 2019 at 09:11, Bernd Eckenfels <ec...@zusammenkunft.net> wrote:
>
> Is that change done here?
>
> https://svn.apache.org/repos/infra/websites/production/commons/content/proper/
Yes, I have a local checkout of the top two levels (only) which makes
this very easy.
> Is there a Svn Web view where we can see the commit and check out what files have been changed?
The changes were all sent to the notifications@commons.apache.org list.
I don't know if there is a web view.
> Maybe we can also reduce the number of download links to mainly the mirror scripts?
If you are talking about dropping the links to KEYS, hashes and sigs,
they are required
https://www.apache.org/dev/release-distribution#download-links
It must be easy for downloaders to fetch these files for verification purposes.
> Gruss
> Bernd
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
>
> ________________________________
> Von: sebb <se...@gmail.com>
> Gesendet: Dienstag, März 12, 2019 9:56 AM
> An: CommonsDev
> Betreff: MD5/SHA1 links - make sure they are removed in component source!
>
> DIGESTER-191 - md5 checksum: 404 Not Found
> noted that the hash download links did not work.
>
> It transpired that many of the commons download pages still linked to
> the SHA1/MD5 hashes, even if these had been replaced on the download
> site.
>
> I think I have now fixed all the links - and dropped old md5/sha1
> hashes that were not needed.
>
> I did this by editting the SVN production website files to avoid
> having to regenerate all the sites.
> However I have not fixed all the source files, so please check that
> the correct hashes are being generated and linked when republishing.
>
> Thanks!
> S
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: MD5/SHA1 links - make sure they are removed in component source!
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Is that change done here?
https://svn.apache.org/repos/infra/websites/production/commons/content/proper/
Is there a Svn Web view where we can see the commit and check out what files have been changed? Maybe we can also reduce the number of download links to mainly the mirror scripts?
Gruss
Bernd
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
Von: sebb <se...@gmail.com>
Gesendet: Dienstag, März 12, 2019 9:56 AM
An: CommonsDev
Betreff: MD5/SHA1 links - make sure they are removed in component source!
DIGESTER-191 - md5 checksum: 404 Not Found
noted that the hash download links did not work.
It transpired that many of the commons download pages still linked to
the SHA1/MD5 hashes, even if these had been replaced on the download
site.
I think I have now fixed all the links - and dropped old md5/sha1
hashes that were not needed.
I did this by editting the SVN production website files to avoid
having to regenerate all the sites.
However I have not fixed all the source files, so please check that
the correct hashes are being generated and linked when republishing.
Thanks!
S
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org