On Wed, Mar 25, 2015 at 11:55 AM, Branko Čibej <br...@apache.org> wrote:
> On 25.03.2015 19:07, Dmitriy Setrakyan wrote: > > Brane, > > > > The wrong download checksum issue has been addressed (I think). Please > > double check me. The reason it happened was that I had two identical > > folders with different names sitting next to each other and grabbed the > > wrong one. The only difference was the name of the archive. (I should > > really stop working after midnight :) > > Should be publishing exactly what was voted on, not even re-zipping, > IMO. This is one of the reasons why it's a good idea to have the whole > release process scripted; no manual archiving, copying, etc. anywhere. > This should be the case now. > > > As far as keeping the binary bits in the "dist.apache.org", I looked > around > > and many projects are doing it, e.g. Cassandra (TLP), Aurora > (Incubating). > > The binaries must be on dist.apache.org; that's mandatory. Any change on > that site is mirrored to a zillion places around the world. > > > I believe it only poses an issue when you have massive amount of > downloads, > > like Apache HTTP server for example, which is not the case for us. If it > is > > OK, I would prefer to leave it as is for now, or ask the community to > > address it later. > > I'd consider it a service to users to provide links to mirrors whenever > possible. It's not something that needs addressing right now, but it > would be nice to get it done soon-ish. As I said, I can help here; I > know how the direct-download links to mirrors are set up for Subversion > and APR, so it shouldn't be too hard get a similar solution working for > Ignite. > Thanks Brane, your help will definitely be appreciated here :) > -- Brane > > > > > D. > > > > On Wed, Mar 25, 2015 at 2:55 AM, Branko Čibej <br...@apache.org> wrote: > > > >> On 25.03.2015 09:35, Dmitriy Setrakyan wrote: > >>> The first official Apache Ignite release (albeit release candidate) was > >>> uploaded and the download page is updated: > >>> > >>> https://ignite.incubator.apache.org/download.html > >> > >> Well, I have to say I'm confused and just a bit unhappy. > >> > >> We voted on a source package named > >> > >> incubator-ignite-1.0.0-rc3.zip > >> > >> with hash > >> > >> 68f74cff64dabf43e8f41bc478e814102a749cce > >> > >> and now here I'm offered to download > >> > >> ignite-fabric-1.0.0-RC3-src.zip > >> > >> with a different size and hash > >> > >> 46e932dc4e05ce757ce156f0e30d0ea98920eea8 > >> > >> This is clearly not the source package we voted on, so it is not what > >> was released by the Incubator PMC. Please fix this ASAP and let's not > >> make this sort of mistake again. You have to publish the exact same > >> package that was voted for release, not something else, even if the > >> differences are trivial. > >> > >> > >> Next, the package name: I'm not aware of an Apache project or podling > >> called "Ignite fabric". The "incubator-ignite-x.y.z" name was fine, I > >> don't understand why you renamed it. Once the podling graduates, I'd > >> expect the package to be called 'apache-ignite-x.y.x' or just > >> 'ignite-x.y.x'. > >> > >> > >> Next, it would be nice if the download page stated explicitly that the > >> binary package is there for convenience and is not an official ASF > >> release. My suggestion would be to split the page into three sections: > >> > >> * Downloads of official ASF released sources > >> * Instructions for building from source (either the unpacked package > >> or from git, or both) > >> * Link to convenience binaries built from the released sources > >> > >> > >> And last, I believe I mentioned at some point that posting download > >> links to the ASF dist server is frowned upon. The thing to do is to post > >> a link to a mirror; for example: > >> > >> > >> > http://www.apache.org/dyn/closer.cgi?path=incubator/ignite/source/ignite-fabric-1.0.0-RC3-src.zip > >> > >> this will return a link to the geographically closest mirror. Be aware > >> that it can take up to 24 hours for mirrors to synchronize once the > >> package is on the dist server, so it's a good idea to wait that long > >> before posting the download link and announcing the release. > >> > >> There are ways, with a bit of scripting on the site, to get direct > >> download links instead of bouncing people through the mirrors page; > >> here's an example: > >> > >> http://httpd.apache.org/download.cgi > >> > >> Note that this page keeps the PGP/hash links pointing to our dist server > >> so that a malicious hacker would have to hack into both your mirror and > >> the master server to fake hashes and signatures on a hacked package. > >> > >> > >> -- Brane > >> > >
