Apache Rya is released as a source artifact, and also through Maven.
|4.0.0||27 Jul 2019||zip pgp sha512||Release notes|
|3.2.12||04 Mar 2018||zip pgp sha512||Release notes|
|3.2.11||10 Oct 2017||zip pgp sha512||Release notes|
|3.2.10||28 Oct 2016||zip pgp sha1||Release notes|
Download a source distribution in zip format, and verify using the corresponding pgp signature (using the committer file in KEYS). If you cannot do that, the sha1 or sha512 hash file may be used to check that the download has completed okay.
For fast downloads, current source distributions are hosted on mirror servers;
If a download from a mirror fails, retry, and the second download will likely succeed.
For security, hash and signature files are always hosted at Apache.