THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Everything must come with hashes and signatures.
httphttps://www.apache.org/legal/release-policy.html#release-signing
All files need:
- md5 sha256 hash as <filename>.md5sha256 and/or sha512 hash as <filename>.sha256sha512 (see https://www.apache.org/dev/release-distribution#sigs-and-sums for release distribution policy)
- A detached signature as <filename>.asc (see https://www.apache.org/dev/release-signing.html#openpgp-ascii-detach-sig for details)
- The Release Manager signs the source
- Other packages are signed by the person who provided them
...
Usually done 1 - 3 weeks after the formal announcement to avoid a high traffic load on the mirror servers which must be avoided.
hash as <filename>.sha256