Re: Updated checksum policy doc update

[Henk P. Penning]

Hi,

  FYI ; I updated the 'verification' page.

https://www.apache.org/info/verification

  -- section "Checking Hashes" :
 This section now has a reference to 'checker.apache.org',
 including a form to submit a SHA-1 to the checker.

  -- section "Checking Signatures" :
 -- Unchanged ;
 -- read it ...
 -- the first, easy part (check the detached signature) is ok ;
 -- the second (not-so-easy) part (Validating Authenticity
of a Key) is entirely impractical : "A good start to
validating a key is by face-to-face communication ..."

  Here is a puzzle :

  -- look at http://www.staff.science.uu.nl/~penni101/puzzle/
  -- prove that 'foo' an authentic ASF artifact

  Regards,

  Henk Penning

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/

-- Forwarded message --
Date: Sun, 25 Mar 2018 14:18:06 +0200 (CEST)
From: Henk P. Penning 
To: ComDev 
Cc: Users 
Subject: Re: Updated checksum policy doc update

On Sat, 24 Mar 2018, Christopher wrote:


 Date: Sat, 24 Mar 2018 21:16:04 +0100
 From: Christopher 
 To: ComDev 
 Cc: Users 
 Subject: Updated checksum policy doc update

 The recently updated checksum policy from infra means more people should be
 using tools like sha512sum or shasum (or even sha1sum) instead of md5sum,
 but the instructions for users to verify releases:
 https://www.apache.org/info/verification only mention md5sum tools. They
 should be updated to include mention of tools for checking SHA-1 and SHA-2
 hashes. This page is so old and out of date, that it even still mentions
 textutils, which was rolled into coreutils 15 years ago.

 I'm not sure who can update this page, but it definitely needs some
 attention. Otherwise, projects will have to provide their own, possibly
 inconsistent, verification instructions (rather than link to this page, as
 many do now).


Hi,

   I fixed up https://www.apache.org/info/verification a little,
   regarding "Checking Hashes" ; it is still impractical.

  I would rather refer people to

https://checker.apache.org/dist/verify.html

  See for examples (click left ; click right) :

https://checker.apache.org/#META-files

  Regards,

  Henk Penning

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

About Registration

[Buddhika Lakshan]

hi,

How to be a apache member?

Regards,
*Buddhika Lakshan*
*Bsc(eng)-Software engineering*

Re: About Registration

[Stian Soiland-Reyes]

On Fri, 30 Mar 2018, 09:19 Buddhika Lakshan,
 wrote:
> How to be a apache member?

Formal membership of the Apache Software Foundation is by invitation
only, following a formal vote. Membership recognize long-term
commitment to the goals and practices of the ASF.


However, anyone can contribute to any of our projects, no need to
"register" - they are all open source!

https://community.apache.org/newcomers/


Contact the ASF project of interest for further help. For instance
here is how you can typically contribute to a fictional Apache project
"Foo"

Sign up to the d...@foo.apache.org mailing list http://lists.apache.org/
   Basically there is were all decisions and communication should
happen in a project, although some of the emails might be coming
through from Jira and GitHub pull requests.
   Just lurking around and read how communication is done can teach you a lot.

Download their source code from git/svn, make sure it builds on your machine.

Feel free to ask questions on the dev@ list if you can't get your
build environment set up or weird errors pop up  - it could be the
project needs to update the build instructions?

Find a bug or idea you want to work on - most projects use
https://issues.apache.org/jira/ or GitHub issues, so you can just
search around there for something easy.

Fork on GitHub, check out to your own branch

Once you have some kind of (small) fix, raise a Pull Request. Rather
multiple PRs than a single big one!

Respond to questions to the Pull request, e.g. for suggested code improvements!

If no-one responds to your PR for a few days, perhaps they were on
their Easter break? Just ping on the dev@ list - but don't be
inpatient as most Apache contributors do this in their spare time.



Here's a bit more about the formal processes and how the Foundation
works, written by Foundation member (and now on Board of directors)
Shane Curcuru
https://communityovercode.com/2015/03/how-apache-really-works/


Basically the organizational ASF "career" path is:

* Anonymous (you just download and use our code, that's fine!)
* User questions (asking questions on mailing list on how to use the code)
* (unofficial) project contributor (anyone joining mailing list
discussion, submitting pull requests, website updates)
* (official) Project Committer (formal write access, recognizes contributors)
* Project Management Committee (voting rights on releasesand new
project members; recognizes project-wide commitment)
* Foundation Member (voting rights on board of directors and new
members, policy discussions; recognize ASF-wide commitment)
* Board of Director (day to day running of the foundation; recognize
ASF-wide leadership)

ASF is a "meritocracy" - the more you do, the more you will be
recognized! But there is no requirement to climb this ladder; most
Apache contributors are at the top lines of this list, so the easiest
is just to start contributing! And it is important to note that it
does not have to be code; documentation, design, discussion, mentoring
- all of them count! Have fun!

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org