Agreed on all points regarding the zip. Since you offered, I updated the scripts to require it and the sha512 noted below :-) The verification includes verifying the tar.gz and zip contents are the same.
On another topic, [1] says the suffix MUST be sha512 for a SHA 512 sum (which in fact is what the file contains) apache-edgent-1.2.0-incubating-source-release.tar.gz.sha1 So that needs be changed in the staging area in addition to staging the zip and its sums/sig. Thanks! — Dale [1] http://www.apache.org/dev/release-distribution#sigs-and-sums > On Dec 6, 2017, at 2:35 PM, Christofer Dutz <christofer.d...@c-ware.de> wrote: > ... > I just had a look at what the script was looking for. If releasing tar and > zip i think we would have to do the checking for both types. I can add the > other zip easily. But in that Case i would suggest adding that to the script > and add one check to make sure the content is identical. Would be good If we > could be sure we need to detail-check only one. > ... > From: Dale LaBossiere <dml.apa...@gmail.com> > ... > -Papache-release also generates a zip. I had expected we’d be releasing that > too but it isn’t staged. > At this time I’m fine if we just continue 1.2.0 with only the tar.gz but if > you also want to stage the zip that's fine too. > > I just need to know which way we’re going because I need to adjust the > “downloads” website page accordingly.