[
https://issues.apache.org/jira/browse/GROOVY-9458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17080450#comment-17080450
]
Paul King commented on GROOVY-9458:
-----------------------------------
Looks like there is no issue from the Infra point of view. I have sent an email
to trademarks to check on branding issues. I'll report back here when I hear
further.
> Missing sigs and hashes on download page
> ----------------------------------------
>
> Key: GROOVY-9458
> URL: https://issues.apache.org/jira/browse/GROOVY-9458
> Project: Groovy
> Issue Type: Bug
> Reporter: Sebb
> Priority: Major
>
> The public download page includes links to several Windows installer
> executables.
> These have neither signatures nor hashes.
> However as per [1]
> "All supplied packages MUST be cryptographically signed by the Release
> Manager with a detached signature"
> And as per [2]
> "For every artifact distributed to the public through Apache channels, the
> PMC ... MUST supply at least one checksum file"
> Please either remove the links or provide the required sigs and hashes.
> Thanks.
> [1] http://www.apache.org/legal/release-policy.html#release-signing
> [2] https://www.apache.org/dev/release-distribution#sigs-and-sums
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
