Hey Bernd, note that the readme and contributing goals still don't really work for multi module projects. But I think that can be fixed in the next release if anybody has the time?
Benedikt 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <e...@zusammenkunft.net>: > Hello sebb, > > ok I can amend my changes to add this. I will wait a day to see if more > issues come up. > > I was trying to be brief as we have the validation > page explaining all, but it might be good to be a bit verbose here. > > Gruss > Bernd > > > Am Mon, 29 Dec 2014 20:51:21 +0000 > schrieb sebb <seb...@gmail.com>: > > > On 29 December 2014 at 20:13, Bernd Eckenfels > > <e...@zusammenkunft.net> wrote: > > > Am Mon, 29 Dec 2014 20:01:29 +0000 > > > schrieb sebb <seb...@gmail.com>: > > > > > >> On 29 December 2014 at 19:48, Bernd Eckenfels > > >> <e...@zusammenkunft.net> wrote: > > >> > The download page of apache commons reads like there is supposed > > >> > to be a KEYS column in the table. But it is now a general link, > > >> > so I would apply the following changes, if you agree: > > >> > > >> I think the reference to the KEYS file needs to come before the > > >> hashes. We want to encourage sig checking as the primary way to > > >> check downloads. > > >> > > >> But I agree that the text needs some TLC. > > > > > > Cool, how is this: > > > > > > <p> > > > Please <a > > > href="http://www.apache.org/info/verification.html";>verify the > > > integrity</a> of downloaded files against the public code signing > > > <a href="http://www.apache.org/dist/commons/KEYS";>KEYS</a> used by > > > the Apache Commons developers. </p> > > > <p> > > > The <code>pgp</code> link downloads the OpenPGP compatible > > > signature from our main site. The <code>md5</code> link downloads > > > the checksum from the main site. </p> > > > > > > > Better, but the verification is not actually against the KEYS file. > > How about: > > > > <p> > > It is essential that you <a > > href="http://www.apache.org/info/verification.html";>verify the > > integrity</a> > > of downloaded files, preferabley using the <code>PGP</code> > > signature; failing that using the <code>MD5</code> hash. > > <p> > > </p> > > The <a href="http://www.apache.org/dist/commons/KEYS";>KEYS</a> > > file contains the public keys > > used by Apache Commons developers to sign releases. > > It is used in conjunction with the <code>PGP</code> signature > > for the download > > </p> > > <p> > > The <code>PGP</code> link downloads the OpenPGP compatible > > signature from our main site. > > The <code>MD5</code> link downloads the checksum from our > > main site. </p> > > > > > > I'm sure this could be improved further. > > > > The generated links should probably also upcased to PGP and MD5 so > > they stand out better. > > > > > Gruss > > > Bernd > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- http://people.apache.org/~britter/ http://www.systemoutprintln.de/ http://twitter.com/BenediktRitter http://github.com/britter
