Hello Benedikt, I have pushed an updated download page text (a bit shorter than your proposal).
I also made changes to CONTRIBUTING/README.md goals which will work for VFS (more or less, some manual work is required for javadoc url and download url). But the change uses an ugly hack thats why I havent commited it yet, you find the patch here: https://issues.apache.org/jira/browse/COMMONSSITE-81 (can you especially confirm that changing the pom (commons.componentid) of the plugin project is fine). Gruss Bernd Am Wed, 31 Dec 2014 15:59:19 +0100 schrieb Benedikt Ritter <brit...@apache.org>: > Hey Bernd, > > note that the readme and contributing goals still don't really work > for multi module projects. But I think that can be fixed in the next > release if anybody has the time? > > Benedikt > > 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <e...@zusammenkunft.net>: > > > Hello sebb, > > > > ok I can amend my changes to add this. I will wait a day to see if > > more issues come up. > > > > I was trying to be brief as we have the validation > > page explaining all, but it might be good to be a bit verbose here. > > > > Gruss > > Bernd > > > > > > Am Mon, 29 Dec 2014 20:51:21 +0000 > > schrieb sebb <seb...@gmail.com>: > > > > > On 29 December 2014 at 20:13, Bernd Eckenfels > > > <e...@zusammenkunft.net> wrote: > > > > Am Mon, 29 Dec 2014 20:01:29 +0000 > > > > schrieb sebb <seb...@gmail.com>: > > > > > > > >> On 29 December 2014 at 19:48, Bernd Eckenfels > > > >> <e...@zusammenkunft.net> wrote: > > > >> > The download page of apache commons reads like there is > > > >> > supposed to be a KEYS column in the table. But it is now a > > > >> > general link, so I would apply the following changes, if you > > > >> > agree: > > > >> > > > >> I think the reference to the KEYS file needs to come before the > > > >> hashes. We want to encourage sig checking as the primary way to > > > >> check downloads. > > > >> > > > >> But I agree that the text needs some TLC. > > > > > > > > Cool, how is this: > > > > > > > > <p> > > > > Please <a > > > > href="http://www.apache.org/info/verification.html";>verify the > > > > integrity</a> of downloaded files against the public code > > > > signing <a > > > > href="http://www.apache.org/dist/commons/KEYS";>KEYS</a> used by > > > > the Apache Commons developers. </p> <p> > > > > The <code>pgp</code> link downloads the OpenPGP > > > > compatible signature from our main site. The <code>md5</code> > > > > link downloads the checksum from the main site. </p> > > > > > > > > > > Better, but the verification is not actually against the KEYS > > > file. How about: > > > > > > <p> > > > It is essential that you <a > > > href="http://www.apache.org/info/verification.html";>verify the > > > integrity</a> > > > of downloaded files, preferabley using the > > > <code>PGP</code> signature; failing that using the > > > <code>MD5</code> hash. <p> > > > </p> > > > The <a > > > href="http://www.apache.org/dist/commons/KEYS";>KEYS</a> file > > > contains the public keys used by Apache Commons developers to > > > sign releases. It is used in conjunction with the > > > <code>PGP</code> signature for the download > > > </p> > > > <p> > > > The <code>PGP</code> link downloads the OpenPGP compatible > > > signature from our main site. > > > The <code>MD5</code> link downloads the checksum from our > > > main site. </p> > > > > > > > > > I'm sure this could be improved further. > > > > > > The generated links should probably also upcased to PGP and MD5 so > > > they stand out better. > > > > > > > Gruss > > > > Bernd > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
