On 23/04/2020 18:42, Tianon Gravi wrote: > Hi! > > I'm downloading 10.0.0-M4 from the download page[1] and was hoping to > be able to use PGP to verify the artifacts (as in other versions), and > it seems the link from that page[2] is a 404? > > [1]: https://tomcat.apache.org/download-10.cgi > [2]: > https://downloads.apache.org/tomcat/tomcat-10/v10.0.0-M4/bin/apache-tomcat-10.0.0-M4.tar.gz.asc > > I've checked a couple other download mirrors and archive.apache.org, > and it appears that M3 *did* include a signature file for > "apache-tomcat-10.0.0-M3.tar.gz" (but interestingly, M1 did not > include one for "apache-tomcat-10.0.0-M1.tar.gz") so perhaps this is > just a pipeline hiccup / minor oversight?
Thanks for the heads up. That part of the release process is fully automated and it includes signature generation. There have been a couple of glitches lately. I'm not sure what is going on. I'll try and watch the console for the next set of builds more carefully. I still have the original build outputs locally so I'll generate any missing signatures and get them uploaded. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
