Hi Alan,
The hashes were created based on the directions at
http://www.apache.org/dev/release-signing.html#md5
There was a discussion about this when we submitted our first release on
the incubator list and we decided to include the file names along with
the hashes (see http://markmail.org/message/t3caj6um22ni3wo2 )
I used the following shell script to verify the signatures (which were
generated by 'mvn release:perform') and to generate the hashes:
for f in *.tar.gz *.zip; do \
gpg --verify $f.asc $f; \
gpg --print-md SHA1 $f > $f.sha1; \
gpg --print-md MD5 $f > $f.md5; \
done
Best regards,
Leonidas
On 06/23/2014 08:43 AM, Alan Cabrera wrote:
On Jun 15, 2014, at 10:08 PM, Leonidas Fegaras <[email protected]
<mailto:[email protected]>> wrote:
The release tarballs, including signatures, digests, etc can be found at:
https://dist.apache.org/repos/dist/dev/incubator/mrql/0.9.2-incubating-RC2/
I was wondering how the hashes were created by the files in this
directory. They seem to have the file names as well as the hash in
the corresponding hash files as opposed to simply the hash.
Just curious.
Regards,
Alan
.
