dsmiley commented on pull request #1769:
URL: https://github.com/apache/lucene-solr/pull/1769#issuecomment-729210262


   Wouldn't it be simpler for the release manager to build the docker image, 
examine the sha256 hash of the image, and publish that to the download 
location, making it official?  Someone who wants to use the official Solr 
docker image who is ultra-paranoid can reference the image by hash like so:
   
       docker run --rm solr@sha256:02fe5f1ac04c28291fba23a18cd8765dd62c7a98538f07f2f7d8504ba217284d
   
   That runs Solr 8.7, the official one.  It's compact and can even be 
broadcasted easily in the release announcement for future Solr releases for 
people to get _and run_ the latest release immediately, and be assured it's the 
correct one.
   
   I wonder what other major Apache projects do.


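The digest pinning described in the comment above, as an added shell example that is not part of the original comment or of the Solr project's scripts: it refuses to launch a container unless the image reference is pinned by a well-formed sha256 digest equal to the one the release published. The function names and the `PUBLISHED_DIGEST` variable are assumptions; the digest value is the one quoted in the comment.

```shell
#!/bin/sh
# Added example (hypothetical helper names). PUBLISHED_DIGEST is assumed to be
# copied from the release announcement or download page; the value here is the
# digest quoted in the comment above.
PUBLISHED_DIGEST="sha256:02fe5f1ac04c28291fba23a18cd8765dd62c7a98538f07f2f7d8504ba217284d"

# Print the digest part of an image reference. Fails when the reference is
# tag-only (a mutable pointer) or the digest is not a well-formed sha256.
ref_digest() {
    case "$1" in
        *@sha256:*) digest="${1##*@}" ;;
        *) echo "not pinned by digest: $1" >&2; return 1 ;;
    esac
    hex="${digest#sha256:}"
    # A sha256 digest is exactly 64 lowercase hex characters.
    [ "${#hex}" -eq 64 ] || { echo "bad digest length: $1" >&2; return 1; }
    case "$hex" in
        *[!0-9a-f]*) echo "bad digest characters: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$digest"
}

# Succeed only when the reference ($1) is pinned to the published digest ($2).
is_official() {
    got="$(ref_digest "$1")" || return 1
    [ "$got" = "$2" ] || { echo "digest mismatch: $1" >&2; return 1; }
}

# Launch the image only if the reference passes the check.
run_official() {
    is_official "$1" "$PUBLISHED_DIGEST" && docker run --rm "$1"
}
```

A tag such as `solr:8.7` is rejected here because a tag can be repointed to different content later, while a digest reference identifies one specific image.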