Calcite is released as a source artifact, and also through Maven.
Choose a source distribution in either tar or zip format, and verify using the corresponding pgp signature (using the committer file in KEYS). If you cannot do that, use the digest file to check that the download has completed OK.
For fast downloads, current source distributions are hosted on mirror servers; older source distributions are in the archive or incubator archive. If a download from a mirror fails, retry, and the second download will likely succeed.
For security, hash and signature files are always hosted at Apache.
Add the following to the dependencies section of your
<dependency> elements for any extension modules you
calcite-splunk, and so