Open 1000TurquoisePogs opened 2 years ago
This was discussed on the TSC more recently, and we came to a conclusion about how we'd like to fix this. As far as I remember, we said: Each download type should have a page about hash verification just like the convenience build does today. The only difference is that each hash page should be customized to whichever download you just downloaded, because that page has a link to the documentation on it, and you want to point people to your preferred documentation page, according to which thing they just downloaded.
The fix needs to be written here https://github.com/zowe/zowe.github.io When a user clicks a download here https://github.com/zowe/zowe.github.io/blob/master/download.md It should take them to the legal page here https://github.com/zowe/zowe.github.io/blob/master/legal.md And then finally the post-download page here https://github.com/zowe/zowe.github.io/blob/master/post_download.md
This currently happens for the convenience build download. We want it to happen for all downloads, which means the "legal" page currently seen on each download needs to have its target URL for "I agree" changed to the "post_download" page and have that page have slightly different content & links depending on which download you just did (how? by duplicating the page? by templating?)
Note: the verification file referenced in the post_download page already exists for all the download types, you can find it at https://zowe.jfrog.io/zowe/list/libs-release-local/org/zowe/2.9.0/, substituting version & file.
It's been added for client side and the issue belongs to https://github.com/zowe/zowe.github.io
Thanks @balhar-jakub for working on this.
When you download something on https://www.zowe.org/download.html The action that happens after the download varies by which thing you download.
Some downloads redirect the webpage to a docs.zowe.org page which explains how to install them. Others redirect the webpage to a zowe.org page which explains how to verify the authenticity of the download.
But, we should do both, always! https://zowe.jfrog.io/artifactory/list/libs-release-local/org/zowe/2.2.0/ contains the hash needed to verify any of our zowe downloads. But only the pax option sends you to this page https://www.zowe.org/post_download.html?version=2.2.0 explaining how to get the hash file, and how to use it. The page seems specific to .pax, but the instructions can be done on any of the download types! And, if you end up at docs.zowe.org instead of this page, docs.zowe.org doesnt have these instructions so you can't learn how to verify a download with the other download types
I think the website should be changed to either