Thank you, Dave :D It gives a reason. I'm OK with this explanation now so that I won't bring it to the INFRA.
Back to the original purpose of this thread, I suggest: 1. Go through our Incubator Guide and find if we have some references to this release distribution policy (maybe in [1][2]). Then, make this requirement clear and discoverable. 2. Try to implement the preview feature and add the verify items in one project so later we use it as a reference. [1] https://incubator.apache.org/guides/distribution.html [2] https://incubator.apache.org/guides/releasemanagement.html I'll try my best to find time to work on it, but I don't declare it an assignment. Best, tison. Dave Fisher <w...@apache.org> 于2024年4月29日周一 02:46写道: > > > > On Apr 28, 2024, at 9:58 AM, tison <wander4...@gmail.com> wrote: > > > > Thank you! > > > > I found there is no rationale for these links, and thus, it's quite a bit > > challenging in memory. > > > > IIRC the closer.lua script is for selecting the most proper CDN for > > source/binary bundles in use. They can, technically, work for SHASUM and > > signatures also. Why do we use https://downloads.apache.org for the > latter > > two? > > Historically we had a mirror network and closer.lua picked out a mirror > near you. In order to be sure that the download source or binary on the > mirror was not altered on (or on its way to or from) the mirror, the > detached signature and checksums must be served from ASF controlled > resources. > > Whether or not this still makes sense is a discussion for Infra since they > are charged with enforcing and supporting the release distribution policy. > > Best, > Dave > > > > > Best, > > tison. > > > > > > sebb <seb...@gmail.com> 于2024年4月29日周一 00:34写道: > > > >> On Sun, 28 Apr 2024 at 15:38, tison <wander4...@gmail.com> wrote: > >>> > >>> Yeah. I support that we always need to release sources on our platform. > >>> > >>> Given the links to downloads.apache.org, archive.apache.org, > >>> https://www.apache.org/dyn/closer.lua, can be unintuitive for users, I > >>> agree that we can have a simple Download page for such library-only > >>> projects. > >> > >> The download page can also be used for links to release notes, and to > >> provide other support information. > >> > >>> Here is a patch to cover a minimal download page [1], which is derived > >> from > >>> OpenDAL's download page [2]. Welcome to leave comments if you find any > >>> issues or things we can improve on. > >>> > >>> [1] https://github.com/apache/datafusion/pull/10271 > >> > >> The closer.lua script is only intended for the source and binary > bundles. > >> > >> The sigs and hashes (and KEYS) should link directly to > >> https://downloads.apache.org/datafusion/... > >> > >>> [2] https://opendal.apache.org/download > >>> > >>> Best, > >>> tison. > >>> > >>> > >>> Justin Mclean <jus...@classsoftware.com> 于2024年4月28日周日 10:02写道: > >>> > >>>> Hi, > >>>> > >>>> Projects need to make source releases on ASF infrastructure and have a > >>>> download page for good reasons. Some users need a place to verify and > >>>> download a trusted release. Having it hosted on ASF infrastructure > >> means > >>>> people can 100% trust it, unlike 3rd party providers. 3rd party > >> providers > >>>> have gone rogue in the past (e.g . Source Forge), disappeared (e.g. > >> Google > >>>> Code), or had multiple serious issues (e.g. NPM). Also by placing a > >> release > >>>> in the ASF distribution area / a project download page gives > confidence > >>>> that the ASF release process has been followed and that it is not a > >> release > >>>> by a 3rd party or an unofficial release of some sort. IMO, all > >> projects > >>>> need to have a download page, even if it may not be used by the > >> majority of > >>>> users. > >>>> > >>>> Kind Regards, > >>>> Justin > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >>>> For additional commands, e-mail: general-h...@incubator.apache.org > >>>> > >>>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >> For additional commands, e-mail: general-h...@incubator.apache.org > >> > >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
