[jira] [Commented] (SLING-11262) Multiple broken links on download page
[ https://issues.apache.org/jira/browse/SLING-11262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17523230#comment-17523230 ] Sebb commented on SLING-11262: -- Also it does not make sense to provide asc and sha1 files for the Eclipse 1.2.2 update site. Sha1 checksums have long been deprecated, and should not be used on download pages. Removing them from the download page would also help reduce the number of broken links which is currently over 700. > Multiple broken links on download page > -- > > Key: SLING-11262 > URL: https://issues.apache.org/jira/browse/SLING-11262 > Project: Sling > Issue Type: Bug >Reporter: Sebb >Priority: Major > Attachments: sling_errors.txt > > > The download page [1] has hundreds of broken links, see attachment > [1] https://sling.apache.org/downloads.cgi -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (SLING-11262) Multiple broken links on download page
Sebb created SLING-11262: Summary: Multiple broken links on download page Key: SLING-11262 URL: https://issues.apache.org/jira/browse/SLING-11262 Project: Sling Issue Type: Bug Reporter: Sebb Attachments: sling_errors.txt The download page [1] has hundreds of broken links, see attachment [1] https://sling.apache.org/downloads.cgi -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (SLING-11262) Multiple broken links on download page
[ https://issues.apache.org/jira/browse/SLING-11262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sebb updated SLING-11262: - Attachment: sling_errors.txt > Multiple broken links on download page > -- > > Key: SLING-11262 > URL: https://issues.apache.org/jira/browse/SLING-11262 > Project: Sling > Issue Type: Bug > Reporter: Sebb >Priority: Major > Attachments: sling_errors.txt > > > The download page [1] has hundreds of broken links, see attachment > [1] https://sling.apache.org/downloads.cgi -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (SLING-10153) Missing/spurious pom files
Sebb created SLING-10153: Summary: Missing/spurious pom files Key: SLING-10153 URL: https://issues.apache.org/jira/browse/SLING-10153 Project: Sling Issue Type: Bug Environment: https://dist.apache.org/repos/dist/release/sling/ Reporter: Sebb There are some inconsistencies around the released pom files: No .pom file: sling-39.pom.asc sling-39.pom.md5 sling-39.pom.sha1 No sigs or hashes: sling-40.pom No .pom file: sling-bundle-parent-39.pom.asc sling-bundle-parent-39.pom.md5 sling-bundle-parent-39.pom.sha1 No sigs or hashes: sling-bundle-parent-40.pom -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-10152) Missing release artifact installhook-1.1.0-source-release.zip
Sebb created SLING-10152: Summary: Missing release artifact installhook-1.1.0-source-release.zip Key: SLING-10152 URL: https://issues.apache.org/jira/browse/SLING-10152 Project: Sling Issue Type: Bug Reporter: Sebb The file org.apache.sling.installer.provider.installhook-1.1.0-source-release.zip is not present, yet there are sig and hash files for it Looks like it was omitted from the commit that uploaded the related files -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-10151) Missing signatures for various release artifacts
Sebb created SLING-10151: Summary: Missing signatures for various release artifacts Key: SLING-10151 URL: https://issues.apache.org/jira/browse/SLING-10151 Project: Sling Issue Type: Bug Environment: https://downloads.apache.org/sling/ Reporter: Sebb The following release artifacts don't appear to have any signatures: org.apache.sling.distribution.api-0.4.0-javadoc.jar org.apache.sling.distribution.api-0.4.0-source-release.zip org.apache.sling.distribution.api-0.4.0-sources.jar org.apache.sling.distribution.api-0.4.0.jar org.apache.sling.distribution.core-0.4.2-javadoc.jar org.apache.sling.distribution.core-0.4.2-source-release.zip org.apache.sling.distribution.core-0.4.2-sources.jar org.apache.sling.distribution.core-0.4.2.jar org.apache.sling.rewriter-1.3.0-javadoc.jar org.apache.sling.rewriter-1.3.0-source-release.zip org.apache.sling.rewriter-1.3.0-sources.jar org.apache.sling.rewriter-1.3.0.jar They do have hashes, but that is not sufficient -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (SLING-9173) Add KEYS file to https://dist.apache.org/repos/dist/release/sling
[ https://issues.apache.org/jira/browse/SLING-9173?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17052181#comment-17052181 ] Sebb commented on SLING-9173: - You should be able to recover a version of the file from: https://archive.apache.org/dist/sling/KEYS You just then need to ensure that any missing keys are added to the file. If a key has ever been used to sign a release artifact, it should not be removed from the file. [I suppose Infra might direct removal of a compromised key, but check with them first] > Add KEYS file to https://dist.apache.org/repos/dist/release/sling > - > > Key: SLING-9173 > URL: https://issues.apache.org/jira/browse/SLING-9173 > Project: Sling > Issue Type: Bug > Components: General >Reporter: Konrad Windszus >Priority: Major > > The link at https://sling.apache.org/downloads.cgi to > https://www.apache.org/dist/sling/KEYS is broken, because the KEYS file has > been removed in 2013 from the dist directory. > The file needs to be reestablished and > https://sling.apache.org/documentation/development/release-management.html#appendix-a-create-and-add-your-key-to-peopleapacheorg > need to be updated. > Compare with the discussion at > https://lists.apache.org/thread.html/ra6807cd9c8d7921f4441f621b43c92aa90cb0380b0190e0da1461939%40%3Cdev.sling.apache.org%3E > It is not allowed to instead just reference the file from > https://people.apache.org/keys/group/sling.asc, for a reasoning look at > https://people.apache.org/keys/ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-8052) MD5 and SHA1 should no longer be provided on download pages
Sebb created SLING-8052: --- Summary: MD5 and SHA1 should no longer be provided on download pages Key: SLING-8052 URL: https://issues.apache.org/jira/browse/SLING-8052 Project: Sling Issue Type: Bug Reporter: Sebb The use of MD5/SHA1 hashes on download pages was deprecated recently https://www.apache.org/dev/release-distribution#sigs-and-sums MD5/SHA1 hashes should no longer be generated or linked from the download page. [They are only OK for historic releases that don't have other hashes] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7474) Please use HTTPS for sigs and hashes
[ https://issues.apache.org/jira/browse/SLING-7474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sebb closed SLING-7474. --- Thanks! P.S. Next time the page is updated, you might want to update the copyright from 2017. [Or change the page generator to use the current year?] > Please use HTTPS for sigs and hashes > > > Key: SLING-7474 > URL: https://issues.apache.org/jira/browse/SLING-7474 > Project: Sling > Issue Type: Bug > Components: Site >Reporter: Sebb >Assignee: Bertrand Delacretaz >Priority: Major > > Please use HTTPS for links to hashes and sigs on the download page. > Also, the KEYS file must be linked from https://www.apache.org/dist/sling/KEYS > and NOT > https://people.apache.org/keys/group/sling.asc > which is unsuitable for the reasons noted here: > https://people.apache.org/keys/ > Thanks -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7474) Please use HTTPS for sigs and hashes
[ https://issues.apache.org/jira/browse/SLING-7474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16354022#comment-16354022 ] Sebb commented on SLING-7474: - Also it would be helpful to explain to downloaders how to verify releases. Or at least point to documentation that explains how. > Please use HTTPS for sigs and hashes > > > Key: SLING-7474 > URL: https://issues.apache.org/jira/browse/SLING-7474 > Project: Sling > Issue Type: Bug >Reporter: Sebb >Priority: Major > > Please use HTTPS for links to hashes and sigs on the download page. > Also, the KEYS file must be linked from https://www.apache.org/dist/sling/KEYS > and NOT > https://people.apache.org/keys/group/sling.asc > which is unsuitable for the reasons noted here: > https://people.apache.org/keys/ > Thanks -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-7474) Please use HTTPS for sigs and hashes
Sebb created SLING-7474: --- Summary: Please use HTTPS for sigs and hashes Key: SLING-7474 URL: https://issues.apache.org/jira/browse/SLING-7474 Project: Sling Issue Type: Bug Reporter: Sebb Please use HTTPS for links to hashes and sigs on the download page. Also, the KEYS file must be linked from https://www.apache.org/dist/sling/KEYS and NOT https://people.apache.org/keys/group/sling.asc which is unsuitable for the reasons noted here: https://people.apache.org/keys/ Thanks -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-2328) Error in DOAP
Error in DOAP - Key: SLING-2328 URL: https://issues.apache.org/jira/browse/SLING-2328 Project: Sling Issue Type: Bug Environment: http://svn.apache.org/repos/asf/sling/site/doap/sling-doap.rdf Reporter: Sebb The DOAP file has: http://sling.apache.org";> Sling However, the name should be Apache Sling -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [ANN] Apache Sling JCR API 2.1.0, JCR Base 2.1.0, JCR Content Loader 2.1.0 and JCR Jackrabbit Server 2.1.0 Released
What is Sling? It would be helpful to include a short description of Sling in any Announce messages. On 10 September 2010 14:28, Justin Edelson wrote: > The Apache Sling team is pleased to announce the release of Apache > Sling JCR API 2.1.0, Apache Sling JCR Base 2.1.0, Apache Sling JCR > Content Loader 2.1.0 and Apache Sling JCR Jackrabbit Server 2.1.0. > > Collectively, these modules represent the core OSGi bundles providing > support for JCR repositories in Apache Sling. > > These releases are available from > http://sling.apache.org/site/downloads.cgi and Maven: > > > org.apache.sling > org.apache.sling.jcr.api > 2.1.0 > > > > org.apache.sling > org.apache.sling.jcr.base > 2.1.0 > > > > org.apache.sling > org.apache.sling.jcr.contentloader > 2.1.0 > > > > org.apache.sling > org.apache.sling.jcr.jackrabbit.server > 2.1.0 > > > Release Notes: > > JCR API 2.1.0: > ** Improvement > * [SLING-1363] - Add a component which allows bundles to configure > the session returned by SlingRepository > JCR Base 2.1.0: > ** Bug > * [SLING-1413] - In Jackrabbit 2.0, Privileges can now be denied > for Groups. The ModifyAceServlet and security ContentLoader should > allow it as well > * [SLING-1457] - AccessControlUtil.replaceAccessControlEntry(..) > must preserve the order of the ACEs in the AccessControlList when > merging changes into an existing ACE > * [SLING-1458] - The jackrabbit.accessmanager bundle needs to > provide a mechanism to re-order the ACEs in the ACL > * [SLING-1522] - AccessControlUtil looks up an Authorizable where > it does not need to. > * [SLING-1548] - Move bundle event handling to Loader (from > AbstractSlingRepository) > ** Improvement > * [SLING-1363] - Add a component which allows bundles to configure > the session returned by SlingRepository > > JCR Content Loader 2.1.0: > ** Bug > * [SLING-1409] - ignoreImportProviders doesn't allow multiple values. > * [SLING-1440] - Overwrite rule of bundle initial content cannot > be switched back to "false" > * [SLING-1457] - AccessControlUtil.replaceAccessControlEntry(..) > must preserve the order of the ACEs in the AccessControlList when > merging changes into an existing ACE > * [SLING-1458] - The jackrabbit.accessmanager bundle needs to > provide a mechanism to re-order the ACEs in the ACL > * [SLING-1526] - Extra property names of security:principals lost > when loaded via contentloader > * [SLING-1561] - Allow the Sling Initial ContentLoader to set > parent node properties > * [SLING-1582] - Content loader doesnt give much feedback when > something goes wrong. > * [SLING-1583] - Recent changes to content loader swallow "name" > property in nodes, which was previously used only for Princiapls, > breaks existing code. > * [SLING-1589] - DefaultContentImporter service doesn't have a > pretty name/description > * [SLING-1592] - contentloader doesn't uninstall content from > non-default workspace > * [SLING-1613] - JSON Content loader converts all arrays to arrays > of String. > * [SLING-1627] - import operation does not respect :replace=true > for properties > ** Improvement > * [SLING-1411] - Add replaceAccessControlEntry method to AccessControlUtil > * [SLING-1448] - Sling-Initial-Content should be able to load > content into non-default workspace > * [SLING-1532] - contentloader should overwrite file contents, not > file nodes > ** New Feature > * [SLING-1172] - Allow uploading JSON files to create content structures > > JCR Jackrabbit Server 2.1.0: > ** Bug > * [SLING-1417] - setting sling.repository.config.file.url to a URL > doesn't work > * [SLING-1449] - jcr.jackrabbit-server is missing DynamicImport-Package > * [SLING-1502] - Concurrency-Problem in AccessManagerFactoryTracker > * [SLING-1507] - Unable to change the Jackrabbit RMI port via > Karaf config/provisioning mechanism > ** Improvement > * [SLING-1550] - Embedded JCR Repository metatype refers to CRX > * [SLING-1556] - Add optional imports for JDBC packages used by > Jackrabbit Core persistence managers > * [SLING-1568] - Do not configure Derby PM to shutdown on close > * [SLING-1660] - upgrade to Jackrabbit 2.1.1 > * [SLING-1664] - support reading the jackrabbit configuration file > from the launchpad archive > ** Task > * [SLING-1531] - Upgrade to Jackrabbit 2.1 > > > Enjoy! > > -The Sling team >