Corrupted uploads I had not considered, good one. Maybe our VOTE template in the release plugin could generate a script users can run to download and verify each checksums. We already generate a list of files and their checksum.
Gary On Mon, Jul 13, 2020, 01:43 Stefan Bodewig <bode...@apache.org> wrote: > On 2020-07-12, Rob Tompkins wrote: > > > given the consistency of the signatures from the plugins…do we need to > > check them for releases anymore? > > Yes, please. Not everybody uses the plugins and even if everybody did a > misconfiguration could be pulling in the wrong key or a key not > available from the expected download location. > > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
