Re: Digests in releases

2017-08-31 Thread Daniel Shahaf
Dave Fisher wrote on Thu, 31 Aug 2017 13:35 -0700: > Regardless of what Jane User knows, and we have 200 million Jane Users of > Apache OpenOffice, I think it would be helpful to have an Apache Download > checker program/script that could be run to confirm the bona fides. > > An idea. Why stop h

Write access to Incubator Wiki

2017-08-31 Thread Abhishek Tiwari
Hello, Can you please grant write access for my user (abti) to the Incubator wiki (https://wiki.apache.org/incubator/)? I need it to help out with the September report for the Gobblin project. Thanks in advance! Regards, Abhishek

Re: Digests in releases

2017-08-31 Thread Dave Fisher
Hey Joe, Thanks for the pointer. I think Henk needs to be involved. Regards, Dave Sent from my iPhone > On Aug 31, 2017, at 3:31 PM, Joe Schaefer wrote: > > Henk's scripting does that and much more. > >> On Thu, Aug 31, 2017 at 5:09 PM Ted Dunning wrote: >> >> I thought that gpg does that.

Re: Digests in releases

2017-08-31 Thread Christopher
On Wed, Aug 30, 2017 at 5:08 PM Julian Hyde wrote: > What is the correct forum for discussing release distribution policy? > > Good question. I hope it's this one, since this is where the discussion is happening. > Current policy [1] states: > > Every artifact distributed to the public throu

Incubator PMC Board Report Timeline - September 2017

2017-08-31 Thread John D. Ament
September 2017 Incubator report timeline: https://wiki.apache.org/incubator/September2017 Wed September 06 -- Podling reports due by end of day Sun September 10 -- Shepherd reviews due by end of day Sun September 10 -- Summary due by end of day Tue September 12 -- Mentor signo

Re: Digests in releases

2017-08-31 Thread Joe Schaefer
Henk's scripting does that and much more. On Thu, Aug 31, 2017 at 5:09 PM Ted Dunning wrote: > I thought that gpg does that. > > On Thu, Aug 31, 2017 at 1:35 PM, Dave Fisher > wrote: > > > Regardless of what Jane User knows, and we have 200 million Jane Users of > > Apache OpenOffice, I think i

Re: Digests in releases

2017-08-31 Thread Ted Dunning
I thought that gpg does that. On Thu, Aug 31, 2017 at 1:35 PM, Dave Fisher wrote: > Regardless of what Jane User knows, and we have 200 million Jane Users of > Apache OpenOffice, I think it would be helpful to have an Apache Download > checker program/script that could be run to confirm the bona

Re: Digests in releases

2017-08-31 Thread Dave Fisher
Regardless of what Jane User knows, and we have 200 million Jane Users of Apache OpenOffice, I think it would be helpful to have an Apache Download checker program/script that could be run to confirm the bona fides. An idea. Regards, Dave > On Aug 31, 2017, at 1:22 PM, Julian Hyde wrote: > >

Re: Digests in releases

2017-08-31 Thread Julian Hyde
I know this. You know this. Joe User does not know this. I am trying to make Joe User’s life easier. Since SHA256 is sufficient for both purposes why does release policy MANDATE that projects include an MD5? Julian > On Aug 31, 2017, at 1:17 PM, Ted Dunning wrote: > > The checksum is not a

Re: Digests in releases

2017-08-31 Thread Ted Dunning
The checksum is not a tampering countermeasure. It is a "mirror ran out of disk space" or "IP checksums are only 32 bits" countermeasure. On Thu, Aug 31, 2017 at 11:35 AM, Julian Hyde wrote: > As security experts, you and I know that. But Joe User maybe only checks > one digest. > > (Aren’t we

Re: Digests in releases

2017-08-31 Thread Julian Hyde
As security experts, you and I know that. But Joe User maybe only checks one digest. (Aren’t we all Joe User sometimes?) Julian > On Aug 31, 2017, at 11:30 AM, Mike Jumper wrote: > > On Aug 31, 2017 11:21, "Julian Hyde" wrote: > > After downloading artifacts, there are 3 things to check: (1

Re: Digests in releases

2017-08-31 Thread Mike Jumper
On Aug 31, 2017 11:21, "Julian Hyde" wrote: After downloading artifacts, there are 3 things to check: (1) the download is successful; (2) the artifacts were indeed created by the named author; and (3) the artifacts have not been tampered with. A security expert would know to use the .md5 for (1)

Re: Digests in releases

2017-08-31 Thread Julian Hyde
After downloading artifacts, there are 3 things to check: (1) the download is successful; (2) the artifacts were indeed created by the named author; and (3) the artifacts have not been tampered with. A security expert would know to use the .md5 for (1), the .asc for (2), and the .sha256 or .sha

Re: Digests in releases

2017-08-31 Thread Henk P. Penning
On Wed, 30 Aug 2017, Julian Hyde wrote: Date: Wed, 30 Aug 2017 14:08:42 -0700 From: Julian Hyde To: general@incubator.apache.org Subject: Digests in releases What is the correct forum for discussing release distribution policy? MD5 is no longer deemed secure[2]. I think we should remove it

Re: [VOTE] Graduate Apache RocketMQ from podling to TLP

2017-08-31 Thread John Fang
+1 (Non-binding) On Thu, Aug 31, 2017 at 1:55 PM, liuxue wrote: > +1 > > Being a TLP is not the final goal of RocketMQ, I think it will affect more > people and companies in the future. > > On Wed, Aug 30, 2017 at 9:50 PM, Bruce Snyder > wrote: > > > +1 > > > > Nice work guys! > > > > Bruce > > > > O