I would definitely recommend that the MD5 and ASC hash/sigs be co-located with the artifacts.

BTW, I still have plans to create a separate business entity that, among other things, will distribute Flex and FlexJS binaries that are essentially how Adobe distributed SDKs: AIR/Flash will be packaged in it. No install necessary. Just unzip and point your IDE at it. I have to get clearance from Adobe before I do it, and just have been too swamped to do it, but my hope is that it will cut down significantly on failed installs since, once you get a package that unzips there will not be anything else to download and potentially fail.

-Alex

On 10/23/14, 7:33 AM, "Kessler CTR Mark J" <mark.kessler....@usmc.mil> wrote:

>The only reason I bring this up; some people verify the package has not
>been modified if getting it from another source.
>
>-Mark
>
>-----Original Message-----
>From: Harbs [mailto:harbs.li...@gmail.com]
>Sent: Thursday, October 23, 2014 10:00 AM
>To: dev@flex.apache.org
>Subject: Re: Convenience Binary Policy
>
>I think that's up to us.
>
>On Oct 23, 2014, at 4:56 PM, Kessler CTR Mark J
><mark.kessler....@usmc.mil> wrote:
>
>> I like the idea so far. Would there still be hashes / signatures on
>>the non-official releases?
>>
>> -Mark
>