Validate Apache Releases

    The following steps can be followed to verify.

    1. Whether the checksum and PGP signature are legitimate. 3.
    2. Whether the DISCLAIMER or DISCLAIMER-WIP is included.
    3. Whether the code matches the current release.
    4. Whether the LICENSE and NOTICE files are correct.
    5. No compiled content is included in the source package.
    6. Whether the compilation can be executed without problems.

    Here we use the verification of the Doris Core version as an example. Note that other components have their corresponding names changed.

    It is recommended to use GunPG, which can be installed by the following command.

    Go to the root of the source code and execute:

    The results of the run are as follows.

    Please see the compilation documentation of each component to verify the compilation.