You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by bu...@apache.org on 2015/09/18 06:10:20 UTC
svn commit: r965863 - in /websites/staging/accumulo/trunk/content: ./
verifying_releases.html
Author: buildbot
Date: Fri Sep 18 04:10:20 2015
New Revision: 965863
Log:
Staging update by buildbot for accumulo
Modified:
websites/staging/accumulo/trunk/content/ (props changed)
websites/staging/accumulo/trunk/content/verifying_releases.html
Propchange: websites/staging/accumulo/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Sep 18 04:10:20 2015
@@ -1 +1 @@
-1703324
+1703739
Modified: websites/staging/accumulo/trunk/content/verifying_releases.html
==============================================================================
--- websites/staging/accumulo/trunk/content/verifying_releases.html (original)
+++ websites/staging/accumulo/trunk/content/verifying_releases.html Fri Sep 18 04:10:20 2015
@@ -248,17 +248,26 @@ Information on these tests can be found
<code>test/system/continuous</code>, which include instructions on how to run the tests. These tests are intended to be run
for days on end while injecting faults into the system. These are the tests that truly verify the correctness of
Accumulo on real systems.</p>
+<p>More information on these tests, and the requirements in running them for a given release, can be found on the
+<a href="/governance/releasing.html#testing">governance page on releasing</a></p>
<h2 id="foundation-level-requirements">Foundation Level Requirements<a class="headerlink" href="#foundation-level-requirements" title="Permanent link">¶</a></h2>
<p>The ASF requires that all artifacts in a release are cryptographically signed and distributed with hashes.</p>
<p>OpenPGP is an asymmetric encryption scheme which lends itself well to the globally distributed nature of Apache.
Verification of a release artifact can be done using the signature and the release-maker's public key. Hashes
can be verified using the appropriate command (e.g. <code>sha1sum</code>, <code>md5sum</code>).</p>
<p>An Apache release must contain a source-only artifact. This is the official release artifact. While a release of
-and Apache project can contain other artifacts that do contain binary files. These non-source artifacts are for
+an Apache project can contain other artifacts that do contain binary files. These non-source artifacts are for
user convenience only, but still must adhere to the same licensing rules.</p>
<p>PMC members should take steps to verify that the source-only artifact does not contain any binary files. There is
some leeway in this rule. For example, test-only binary artifacts (such as test files or jars) are acceptable as long
as they are only used for testing the software and not running it.</p>
+<p>The following are the aforementioned Foundation-level documents provided for reference:</p>
+<ul>
+<li><a href="http://www.apache.org/dev/apply-license.html">Applying the Apache Software License</a></li>
+<li><a href="http://www.apache.org/legal/src-headers.html">Legal's license application guidelines</a></li>
+<li><a href="http://apache.org/legal/resolved.html">Common legal-discuss mailing list questions/resolutions</a></li>
+<li><a href="http://www.apache.org/legal/">ASF Legal Affairs Page</a></li>
+</ul>
<h2 id="apache-software-license-application">Apache Software License Application<a class="headerlink" href="#apache-software-license-application" title="Permanent link">¶</a></h2>
<p>Application of the Apache Software License v2 consists of the following steps on each artifact in a release. It's
important to remember that for artifacts that contain other artifacts (e.g. a tarball that contains JAR files or