Justin,
Sorry about the delayed response, but I just got back from vacation.
Your script identified the following issue:
DataSketches
(http://datasketches.incubator.apache.org/docs/Community/Downloads.htm)
Links to signatures and hashes are missing.
However, if you follow the link on that page:
https://downloads.apache.org/incubator/datasketches/
it brings you to a list of directories which are shorthands for the different
repositories. If the user is interested in the downloads for the Java
repository, for example, he/she would select "java/". The user is then
presented with a list of candidate releases. The user would normally select
the latest release (1.2.0-incubating). Upon selecting the candidate release
the user is presented with the zip file as well as the asc and sha512 signature
and hash files.
Because our project is split up into language and dependency-related
components, choosing what to download varies by what the user needs.
Attempting to replicate this hierarchy on the downloads page would not only be
redundant, it would require more work to maintain.
So, I would argue that our downloads mechanism does, in fact, present the user
with the zip file and the associated signatures and hashes.
Perhaps I am missing something, but I think what we have does satisfy the
spirit and intent of the Apache requirement to make the signature and hash
files visible.
Cheers,
Lee.
On 2020/03/04 01:53:55, Justin Mclean <jus...@classsoftware.com> wrote:
> Hi,
>
> I wrote a quick python script to check download pages and it’s found a number
> fo issues which i have listed below. I’ve not double checked all the results
> so there may be some false positives or it may of missed something.
>
> Mentors can you please ask your podlings to fix these issues.
>
> APISIX (http://apisix.incubator.apache.org/downloads/)
> Please change link to
> http://www.apache.org/dist/incubator/apisix/0.9/apache-apisix-0.9-incubating-src.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www.apache.org/dist/incubator/apisix/0.9/apache-apisix-0.9-incubating-src.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/apisix/1.0/apache-apisix-1.0-incubating-src.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/apisix/1.0/apache-apisix-1.0-incubating-src.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/apisix/1.1/apache-apisix-1.1-incubating-src.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/apisix/1.1/apache-apisix-1.1-incubating-src.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
> BRPC (http://brpc.incubator.apache.org/download/)
> Please change link to
> https://dist.apache.org/repos/dist/dev/incubator/brpc/0.9.6-rc02/apache-brpc-0.9.6.rc02-incubating-src.tar.gz
> to release area and use https://www.apache.org/dyn/closer.lua
> Please change link to
> https://dist.apache.org/repos/dist/dev/incubator/brpc/0.9.6-rc02/apache-brpc-0.9.6.rc02-incubating-src.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/dev/incubator/brpc/0.9.6-rc02/apache-brpc-0.9.6.rc02-incubating-src.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
> DataSketches
> (http://datasketches.incubator.apache.org/docs/Community/Downloads.htm)
> Links to signatures and hashes are missing
>
> ECharts (https://echarts.apache.org/en/download.html)
> Links to signatures and hashes are missing
>
> Heron (http://heron.incubator.apache.org/versions/)
> Links to signatures and hashes are missing
>
> Iceberg (Checking http://iceberg.incubator.apache.org/releases/)
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/iceberg/apache-iceberg-0.7.0-incubating/apache-iceberg-0.7.0-incubating.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/iceberg/apache-iceberg-0.7.0-incubating/apache-iceberg-0.7.0-incubating.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
> Nemo (http://nemo.incubator.apache.org/pages/downloads/)
> Links to signatures and hashes are missing
>
> Ratis (https://ratis.incubator.apache.org/#download)
> Links to signatures and hashes are missing
>
> S2Graph (http://s2graph.incubator.apache.org/download.html)
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/s2graph/0.2.0-incubating/apache-s2graph-0.2.0-incubating-src.tgz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/s2graph/0.1.0-incubating/apache-s2graph-0.1.0-incubating-src.tgz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
> Spot (http://spot.incubator.apache.org/download/)
> Please change link to
> http://www-eu.apache.org/dist/incubator/spot/1.0-incubating/apache-spot-1.0-incubating.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www-eu.apache.org/dist/incubator/spot/1.0-incubating/apache-spot-1.0-incubating.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
> Tamaya (http://tamaya.incubator.apache.org/download.html)
> Links to signatures and hashes are missing
>
> Toree http://toree.incubator.apache.org/download/
> Please change link to
> http://www.apache.org/dist/incubator/toree/0.3.0-incubating/toree/toree-0.3.0-incubating-bin.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www.apache.org/dist/incubator/toree/0.3.0-incubating/toree/toree-0.3.0-incubating-bin.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www.apache.org/dist/incubator/toree/0.3.0-incubating/toree-pip/toree-0.3.0.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www.apache.org/dist/incubator/toree/0.3.0-incubating/toree-pip/toree-0.3.0.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www.apache.org/dist/incubator/toree/0.3.0-incubating/toree/toree-0.3.0-incubating-src.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> http://www.apache.org/dist/incubator/toree/0.3.0-incubating/toree/toree-0.3.0-incubating-src.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
>
> Weex (https://weex.incubator.apache.org/download/download.html)
> Please change link to
> https://dist.apache.org/repos/dist/release/incubator/weex/0.28.0/apache-weex-incubating-0.28.0-src.tar.gz.sha512
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
> Please change link to
> ttps://archive.apache.org/dist/incubator/weex/0.26.0/apache-weex-incubating-0.26.0-src.tar.gz.asc
> to go via https://www.apache.org/dist/ or https://archive.apache.org/dist
>
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
