Hello Bernd 2015-01-02 10:04 GMT+01:00 Benedikt Ritter <brit...@apache.org>:
> Hello Bernd, > > 2014-12-31 19:00 GMT+01:00 Bernd Eckenfels <e...@zusammenkunft.net>: > >> Hello Benedikt, >> >> I have pushed an updated download page text (a bit shorter than your >> proposal). >> >> I also made changes to CONTRIBUTING/README.md goals which will work for >> VFS (more or less, some manual work is required for javadoc url and >> download url). But the change uses an ugly hack thats why I havent >> commited it yet, you find the patch here: >> >> https://issues.apache.org/jira/browse/COMMONSSITE-81 >> >> (can you especially confirm that changing the pom >> (commons.componentid) of the plugin project is fine). >> > > I'll try to have a look today or tomorrow. > I've committed your patch. If it now works for vfs, thats fine. However I just realized that it doesn't work for lang anymore, since it will generate for example: https://commons.apache.org/proper/commons-lang3/download_lang3.cgi but the correct URL is https://commons.apache.org/proper/commons-lang/download_lang.cgi I think we can not make this work for all components without making them more alike. There will be a bit manual adjusting of the files involved (just like when you create the RELEASE-NOTES.txt for a new release). Benedikt > > Benedikt > > >> >> Gruss >> Bernd >> >> Am Wed, 31 Dec 2014 15:59:19 +0100 >> schrieb Benedikt Ritter <brit...@apache.org>: >> >> > Hey Bernd, >> > >> > note that the readme and contributing goals still don't really work >> > for multi module projects. But I think that can be fixed in the next >> > release if anybody has the time? >> > >> > Benedikt >> > >> > 2014-12-29 21:58 GMT+01:00 Bernd Eckenfels <e...@zusammenkunft.net>: >> > >> > > Hello sebb, >> > > >> > > ok I can amend my changes to add this. I will wait a day to see if >> > > more issues come up. >> > > >> > > I was trying to be brief as we have the validation >> > > page explaining all, but it might be good to be a bit verbose here. >> > > >> > > Gruss >> > > Bernd >> > > >> > > >> > > Am Mon, 29 Dec 2014 20:51:21 +0000 >> > > schrieb sebb <seb...@gmail.com>: >> > > >> > > > On 29 December 2014 at 20:13, Bernd Eckenfels >> > > > <e...@zusammenkunft.net> wrote: >> > > > > Am Mon, 29 Dec 2014 20:01:29 +0000 >> > > > > schrieb sebb <seb...@gmail.com>: >> > > > > >> > > > >> On 29 December 2014 at 19:48, Bernd Eckenfels >> > > > >> <e...@zusammenkunft.net> wrote: >> > > > >> > The download page of apache commons reads like there is >> > > > >> > supposed to be a KEYS column in the table. But it is now a >> > > > >> > general link, so I would apply the following changes, if you >> > > > >> > agree: >> > > > >> >> > > > >> I think the reference to the KEYS file needs to come before the >> > > > >> hashes. We want to encourage sig checking as the primary way to >> > > > >> check downloads. >> > > > >> >> > > > >> But I agree that the text needs some TLC. >> > > > > >> > > > > Cool, how is this: >> > > > > >> > > > > <p> >> > > > > Please <a >> > > > > href="http://www.apache.org/info/verification.html";>verify the >> > > > > integrity</a> of downloaded files against the public code >> > > > > signing <a >> > > > > href="http://www.apache.org/dist/commons/KEYS";>KEYS</a> used by >> > > > > the Apache Commons developers. </p> <p> >> > > > > The <code>pgp</code> link downloads the OpenPGP >> > > > > compatible signature from our main site. The <code>md5</code> >> > > > > link downloads the checksum from the main site. </p> >> > > > > >> > > > >> > > > Better, but the verification is not actually against the KEYS >> > > > file. How about: >> > > > >> > > > <p> >> > > > It is essential that you <a >> > > > href="http://www.apache.org/info/verification.html";>verify the >> > > > integrity</a> >> > > > of downloaded files, preferabley using the >> > > > <code>PGP</code> signature; failing that using the >> > > > <code>MD5</code> hash. <p> >> > > > </p> >> > > > The <a >> > > > href="http://www.apache.org/dist/commons/KEYS";>KEYS</a> file >> > > > contains the public keys used by Apache Commons developers to >> > > > sign releases. It is used in conjunction with the >> > > > <code>PGP</code> signature for the download >> > > > </p> >> > > > <p> >> > > > The <code>PGP</code> link downloads the OpenPGP compatible >> > > > signature from our main site. >> > > > The <code>MD5</code> link downloads the checksum from our >> > > > main site. </p> >> > > > >> > > > >> > > > I'm sure this could be improved further. >> > > > >> > > > The generated links should probably also upcased to PGP and MD5 so >> > > > they stand out better. >> > > > >> > > > > Gruss >> > > > > Bernd >> > > > > >> > > > > >> --------------------------------------------------------------------- >> > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> > > > > For additional commands, e-mail: dev-h...@commons.apache.org >> > > > > >> > > > >> > > > >> --------------------------------------------------------------------- >> > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> > > > For additional commands, e-mail: dev-h...@commons.apache.org >> > > > >> > > >> > > >> > > --------------------------------------------------------------------- >> > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> > > For additional commands, e-mail: dev-h...@commons.apache.org >> > > >> > > >> > >> > >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> > > > -- > http://people.apache.org/~britter/ > http://www.systemoutprintln.de/ > http://twitter.com/BenediktRitter > http://github.com/britter > -- http://people.apache.org/~britter/ http://www.systemoutprintln.de/ http://twitter.com/BenediktRitter http://github.com/britter
