qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-8063) Please use https (SSL) for links to KEYS, hashes, sigs
Date Sun, 17 Dec 2017 14:32:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-8063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294173#comment-16294173

Sebb commented on QPID-8063:

I don't see the updates. Has it been published?

Also, there is an issue with the verification instructions:

% gpg --verify <artifact-name>.asc
should be
% gpg --verify <artifact-name>.asc <artifact-name>

If the sig file includes the data (i.e. the sig is not detached), GPG will validate just the
sig file, and will ignore the archive file.


It's an unlikely scenario, but we should not be publishing incorrect instructions.

> Please use https (SSL) for links to KEYS, hashes, sigs
> ------------------------------------------------------
>                 Key: QPID-8063
>                 URL: https://issues.apache.org/jira/browse/QPID-8063
>             Project: Qpid
>          Issue Type: Bug
>          Components: Website
>         Environment: http://qpid.apache.org/download.html
>            Reporter: Sebb
>            Assignee: Robbie Gemmell
>            Priority: Minor
> As the subject says: Please use https (SSL) for links to KEYS, hashes, sigs

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message