Correction; KEYS file MUST be in the distribution directory as well. On Wed, Mar 14, 2018 at 1:48 PM, Niclas Hedhman <[email protected]> wrote:
> > It may be that everyone is ignoring Justin, so I thought I would provide > the link; http://www.apache.org/dev/release-distribution.html#sigs-and > -sums > > <quote> > The names of signature and checksum files *MUST* be formed by adding to > the name of the artifact the following suffixes: > > .asc for a (ASCII armored) PGP signature > .sha1 for a SHA-1 checksum > .sha256 for a SHA-256 checksum > .sha512 for a SHA-512 checksum > </quote> > > This is not the case for https://dist.apache.org/repos/ > dist/dev/royale/0.9.2/rc2 > <https://dist.apache.org/repos/dist/dev/royale/0.9.2/rc2/apache-royale-0.9.2-src.zip> > > I also can't easily find the KEYS file that MUST be published on website > (typically on download page, otherwise in repository root). > > > You WILL get a friendly correction from someone in Infra, probably Henk > Penning, who is the long standing (for decades) security/crypto pillar of > the foundation. It is a lot easier to simply change the file name according > before that. > > > HTH & Cheers > Niclas > > > > On Wed, Mar 14, 2018 at 5:56 AM, Justin Mclean <[email protected]> > wrote: > >> Hi, >> >> The sha files have the wrong extension, I mentioned that some time ago >> here. [1] The extension maters due to how hashes and the mirror system >> interact. >> >> They can be easily renamed to be correct (i.e.ending in .sha512 not >> .SHA-512) and there’s no need to revote/make another RC due to this. >> >> Thanks, >> Justin >> >> 1. https://lists.apache.org/thread.html/dbe6370c0a088be60b2f28a >> c05819c89e4cc5b688ecbe82fc00fe73c@%3Cdev.royale.apache.org%3E > > > > > -- > Niclas Hedhman, Software Developer > http://polygene.apache.org - New Energy for Java > -- Niclas Hedhman, Software Developer http://polygene.apache.org - New Energy for Java
