You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@calcite.apache.org by Julian Hyde <jh...@apache.org> on 2018/09/19 23:42:45 UTC
Re: calcite git commit: [CALCITE-2574] Update download page to
include instructions for verifying a downloaded artifact
Can you please change those URLs to use https?
> On Sep 19, 2018, at 4:37 PM, francischuang@apache.org wrote:
>
> Repository: calcite
> Updated Branches:
> refs/heads/master d262c860a -> d3b02ae2c
>
>
> [CALCITE-2574] Update download page to include instructions for verifying
> a downloaded artifact
>
>
> Project: http://git-wip-us.apache.org/repos/asf/calcite/repo
> Commit: http://git-wip-us.apache.org/repos/asf/calcite/commit/d3b02ae2
> Tree: http://git-wip-us.apache.org/repos/asf/calcite/tree/d3b02ae2
> Diff: http://git-wip-us.apache.org/repos/asf/calcite/diff/d3b02ae2
>
> Branch: refs/heads/master
> Commit: d3b02ae2cb9dce786270d6657b8e758ce3aa55f1
> Parents: d262c86
> Author: Francis Chuang <fr...@apache.org>
> Authored: Thu Sep 20 09:37:09 2018 +1000
> Committer: Francis Chuang <fr...@apache.org>
> Committed: Thu Sep 20 09:37:09 2018 +1000
>
> ----------------------------------------------------------------------
> site/downloads/index.md | 38 +++++++++++++++++++++++++++++++-------
> 1 file changed, 31 insertions(+), 7 deletions(-)
> ----------------------------------------------------------------------
>
>
> http://git-wip-us.apache.org/repos/asf/calcite/blob/d3b02ae2/site/downloads/index.md
> ----------------------------------------------------------------------
> diff --git a/site/downloads/index.md b/site/downloads/index.md
> index 4770e44..0d00c41 100644
> --- a/site/downloads/index.md
> +++ b/site/downloads/index.md
> @@ -70,16 +70,11 @@ Release | Date | Commit | Download
> {% endcomment %}
> {% endfor %}
>
> -Choose a source distribution in either *tar* or *zip* format,
> -and [verify](http://www.apache.org/dyn/closer.cgi#verify)
> -using the corresponding *pgp* signature (using the committer file in
> -[KEYS](http://www.apache.org/dist/calcite/KEYS)).
> -If you cannot do that, use the *digest* file
> -to check that the download has completed OK.
> +Choose a source distribution in either *tar* or *zip* format.
>
> For fast downloads, current source distributions are hosted on mirror servers;
> older source distributions are in the
> -[archive](http://archive.apache.org/dist/calcite/)
> +[archive](http://archive.apache.org/dist/calcite/)
> or [incubator archive](http://archive.apache.org/dist/incubator/calcite/).
> If a download from a mirror fails, retry, and the second download will likely
> succeed.
> @@ -87,6 +82,35 @@ succeed.
> For security, hash and signature files are always hosted at
> [Apache](https://www.apache.org/dist).
>
> +# Verify the integrity of the files
> +
> +You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older
> +releases). For more information why this must be done, please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html).
> +
> +To verify the signature using GPG or PGP, please do the following:
> +
> +1. Download the release artifact and the corresponding PGP signature from the table above.
> +2. Download the [Apache Calcite KEYS](http://www.apache.org/dist/calcite/KEYS) file.
> +3. Import the KEYS file and verify the downloaded artifact using one of the following methods:
> +{% highlight shell %}
> +% gpg --import KEYS
> +% gpg --verify downloaded_file.asc downloaded_file
> +{% endhighlight %}
> +
> +or
> +
> +{% highlight shell %}
> +% pgpk -a KEYS
> +% pgpv downloaded_file.asc
> +{% endhighlight %}
> +
> +or
> +
> +{% highlight shell %}
> +% pgp -ka KEYS
> +% pgp downloaded_file.asc
> +{% endhighlight %}
> +
> # Maven artifacts
>
> Add the following to the dependencies section of your `pom.xml` file:
>
Re: calcite git commit: [CALCITE-2574] Update download page to
include instructions for verifying a downloaded artifact
Posted by Julian Hyde <jh...@apache.org>.
Thank you!
> On Sep 19, 2018, at 4:49 PM, Francis Chuang <fr...@apache.org> wrote:
>
> Fixed in CALCITE-2577
>
> On 20/09/2018 9:42 AM, Julian Hyde wrote:
>> Can you please change those URLs to use https?
>>
>>> On Sep 19, 2018, at 4:37 PM, francischuang@apache.org wrote:
>>>
>>> Repository: calcite
>>> Updated Branches:
>>> refs/heads/master d262c860a -> d3b02ae2c
>>>
>>>
>>> [CALCITE-2574] Update download page to include instructions for verifying
>>> a downloaded artifact
>>>
>>>
>>> Project: http://git-wip-us.apache.org/repos/asf/calcite/repo
>>> Commit: http://git-wip-us.apache.org/repos/asf/calcite/commit/d3b02ae2
>>> Tree: http://git-wip-us.apache.org/repos/asf/calcite/tree/d3b02ae2
>>> Diff: http://git-wip-us.apache.org/repos/asf/calcite/diff/d3b02ae2
>>>
>>> Branch: refs/heads/master
>>> Commit: d3b02ae2cb9dce786270d6657b8e758ce3aa55f1
>>> Parents: d262c86
>>> Author: Francis Chuang <fr...@apache.org>
>>> Authored: Thu Sep 20 09:37:09 2018 +1000
>>> Committer: Francis Chuang <fr...@apache.org>
>>> Committed: Thu Sep 20 09:37:09 2018 +1000
>>>
>>> ----------------------------------------------------------------------
>>> site/downloads/index.md | 38 +++++++++++++++++++++++++++++++-------
>>> 1 file changed, 31 insertions(+), 7 deletions(-)
>>> ----------------------------------------------------------------------
>>>
>>>
>>> http://git-wip-us.apache.org/repos/asf/calcite/blob/d3b02ae2/site/downloads/index.md
>>> ----------------------------------------------------------------------
>>> diff --git a/site/downloads/index.md b/site/downloads/index.md
>>> index 4770e44..0d00c41 100644
>>> --- a/site/downloads/index.md
>>> +++ b/site/downloads/index.md
>>> @@ -70,16 +70,11 @@ Release | Date | Commit | Download
>>> {% endcomment %}
>>> {% endfor %}
>>>
>>> -Choose a source distribution in either *tar* or *zip* format,
>>> -and [verify](http://www.apache.org/dyn/closer.cgi#verify)
>>> -using the corresponding *pgp* signature (using the committer file in
>>> -[KEYS](http://www.apache.org/dist/calcite/KEYS)).
>>> -If you cannot do that, use the *digest* file
>>> -to check that the download has completed OK.
>>> +Choose a source distribution in either *tar* or *zip* format.
>>>
>>> For fast downloads, current source distributions are hosted on mirror servers;
>>> older source distributions are in the
>>> -[archive](http://archive.apache.org/dist/calcite/)
>>> +[archive](http://archive.apache.org/dist/calcite/)
>>> or [incubator archive](http://archive.apache.org/dist/incubator/calcite/).
>>> If a download from a mirror fails, retry, and the second download will likely
>>> succeed.
>>> @@ -87,6 +82,35 @@ succeed.
>>> For security, hash and signature files are always hosted at
>>> [Apache](https://www.apache.org/dist).
>>>
>>> +# Verify the integrity of the files
>>> +
>>> +You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older
>>> +releases). For more information why this must be done, please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html).
>>> +
>>> +To verify the signature using GPG or PGP, please do the following:
>>> +
>>> +1. Download the release artifact and the corresponding PGP signature from the table above.
>>> +2. Download the [Apache Calcite KEYS](http://www.apache.org/dist/calcite/KEYS) file.
>>> +3. Import the KEYS file and verify the downloaded artifact using one of the following methods:
>>> +{% highlight shell %}
>>> +% gpg --import KEYS
>>> +% gpg --verify downloaded_file.asc downloaded_file
>>> +{% endhighlight %}
>>> +
>>> +or
>>> +
>>> +{% highlight shell %}
>>> +% pgpk -a KEYS
>>> +% pgpv downloaded_file.asc
>>> +{% endhighlight %}
>>> +
>>> +or
>>> +
>>> +{% highlight shell %}
>>> +% pgp -ka KEYS
>>> +% pgp downloaded_file.asc
>>> +{% endhighlight %}
>>> +
>>> # Maven artifacts
>>>
>>> Add the following to the dependencies section of your `pom.xml` file:
>>>
>
Re: calcite git commit: [CALCITE-2574] Update download page to
include instructions for verifying a downloaded artifact
Posted by Francis Chuang <fr...@apache.org>.
Fixed in CALCITE-2577
On 20/09/2018 9:42 AM, Julian Hyde wrote:
> Can you please change those URLs to use https?
>
>> On Sep 19, 2018, at 4:37 PM, francischuang@apache.org wrote:
>>
>> Repository: calcite
>> Updated Branches:
>> refs/heads/master d262c860a -> d3b02ae2c
>>
>>
>> [CALCITE-2574] Update download page to include instructions for verifying
>> a downloaded artifact
>>
>>
>> Project: http://git-wip-us.apache.org/repos/asf/calcite/repo
>> Commit: http://git-wip-us.apache.org/repos/asf/calcite/commit/d3b02ae2
>> Tree: http://git-wip-us.apache.org/repos/asf/calcite/tree/d3b02ae2
>> Diff: http://git-wip-us.apache.org/repos/asf/calcite/diff/d3b02ae2
>>
>> Branch: refs/heads/master
>> Commit: d3b02ae2cb9dce786270d6657b8e758ce3aa55f1
>> Parents: d262c86
>> Author: Francis Chuang <fr...@apache.org>
>> Authored: Thu Sep 20 09:37:09 2018 +1000
>> Committer: Francis Chuang <fr...@apache.org>
>> Committed: Thu Sep 20 09:37:09 2018 +1000
>>
>> ----------------------------------------------------------------------
>> site/downloads/index.md | 38 +++++++++++++++++++++++++++++++-------
>> 1 file changed, 31 insertions(+), 7 deletions(-)
>> ----------------------------------------------------------------------
>>
>>
>> http://git-wip-us.apache.org/repos/asf/calcite/blob/d3b02ae2/site/downloads/index.md
>> ----------------------------------------------------------------------
>> diff --git a/site/downloads/index.md b/site/downloads/index.md
>> index 4770e44..0d00c41 100644
>> --- a/site/downloads/index.md
>> +++ b/site/downloads/index.md
>> @@ -70,16 +70,11 @@ Release | Date | Commit | Download
>> {% endcomment %}
>> {% endfor %}
>>
>> -Choose a source distribution in either *tar* or *zip* format,
>> -and [verify](http://www.apache.org/dyn/closer.cgi#verify)
>> -using the corresponding *pgp* signature (using the committer file in
>> -[KEYS](http://www.apache.org/dist/calcite/KEYS)).
>> -If you cannot do that, use the *digest* file
>> -to check that the download has completed OK.
>> +Choose a source distribution in either *tar* or *zip* format.
>>
>> For fast downloads, current source distributions are hosted on mirror servers;
>> older source distributions are in the
>> -[archive](http://archive.apache.org/dist/calcite/)
>> +[archive](http://archive.apache.org/dist/calcite/)
>> or [incubator archive](http://archive.apache.org/dist/incubator/calcite/).
>> If a download from a mirror fails, retry, and the second download will likely
>> succeed.
>> @@ -87,6 +82,35 @@ succeed.
>> For security, hash and signature files are always hosted at
>> [Apache](https://www.apache.org/dist).
>>
>> +# Verify the integrity of the files
>> +
>> +You must verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha256, .md5 for older
>> +releases). For more information why this must be done, please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html).
>> +
>> +To verify the signature using GPG or PGP, please do the following:
>> +
>> +1. Download the release artifact and the corresponding PGP signature from the table above.
>> +2. Download the [Apache Calcite KEYS](http://www.apache.org/dist/calcite/KEYS) file.
>> +3. Import the KEYS file and verify the downloaded artifact using one of the following methods:
>> +{% highlight shell %}
>> +% gpg --import KEYS
>> +% gpg --verify downloaded_file.asc downloaded_file
>> +{% endhighlight %}
>> +
>> +or
>> +
>> +{% highlight shell %}
>> +% pgpk -a KEYS
>> +% pgpv downloaded_file.asc
>> +{% endhighlight %}
>> +
>> +or
>> +
>> +{% highlight shell %}
>> +% pgp -ka KEYS
>> +% pgp downloaded_file.asc
>> +{% endhighlight %}
>> +
>> # Maven artifacts
>>
>> Add the following to the dependencies section of your `pom.xml` file:
>>