On Wed, Dec 7, 2011, at 18:29, Stefan Sperling wrote: > On Wed, Dec 07, 2011 at 11:23:30AM -0400, Shane Turner wrote: > > Should I open a bug report to have the packages regenerated, > > No. Releases are never regenerated. That would invalidate signatures > developers sent for the release.[*] > > We'll have to figure out the source of the problem and then try > to avoid it in future releases. > > [*] These signatures are important to the release process because having > multiple signatures proofs the release wasn't made by a single individual > but by the Apache Subversion Project Member Committee which is legally > part of the ASF. This protects individual developers from legal attacks > because the ASF needs to be attacked instead.
It also allows consumers of the release to verify its authenticity. >
