You can use one of the following channels to download the Logging Services release distributions.
Important
|
- Official distribution channels
-
In accordance with the Apache Software Foundation’s release distribution policy and creation process, all Logging Services release distributions are officially accessible from the following channels:
-
ASF Distribution directory (contains the most recent releases)
-
ASF Distribution directory archive (contains all published releases)
-
- Java distribution channels
-
-
ASF Release and snapshot Nexus repositories (mirrored to the Maven Central Repository)
-
- .NET distribution channels
Verification
All Logging Services release distributions are digitally signed by the release manager and provided with checksum files. You can verify a distribution by following the below shared instructions:
# Download and import the release manager public keys
wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
# Verify signatures
for sigFile in *.asc; do gpg --verify $sigFile; done
# Verify checksums
shasum --check *.sha512
Software Bill of Materials (SBOM)
Many Logging Services projects distribute CycloneDX Software Bill of Materials (SBOM) along with each deployed artifact. This is streamlined by Logging Parent for Maven-based projects.
Produced SBOMs contain BOM-links referring to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml