qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (QPID-8063) Please use https (SSL) for links to KEYS, hashes, sigs
Date Sun, 17 Dec 2017 14:33:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-8063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294173#comment-16294173
] 

Sebb edited comment on QPID-8063 at 12/17/17 2:32 PM:
------------------------------------------------------

I don't see the updates. Has it been published?

Also, there is an issue with the verification instructions:

{code}
% gpg --verify <artifact-name>.asc
should be
% gpg --verify <artifact-name>.asc <artifact-name>
{code}

In the first case, if the sig file includes the data (i.e. the sig is not detached), GPG will
validate just the sig file, and will ignore the archive file. It will only check the archive
if the sig is detached.

See:
https://www.apache.org/info/verification.html#CheckingSignatures

It's an unlikely scenario, but we should not be publishing incorrect instructions.


was (Author: sebb@apache.org):
I don't see the updates. Has it been published?

Also, there is an issue with the verification instructions:

{code}
% gpg --verify <artifact-name>.asc
should be
% gpg --verify <artifact-name>.asc <artifact-name>
{code}

If the sig file includes the data (i.e. the sig is not detached), GPG will validate just the
sig file, and will ignore the archive file.

See:
https://www.apache.org/info/verification.html#CheckingSignatures

It's an unlikely scenario, but we should not be publishing incorrect instructions.

> Please use https (SSL) for links to KEYS, hashes, sigs
> ------------------------------------------------------
>
>                 Key: QPID-8063
>                 URL: https://issues.apache.org/jira/browse/QPID-8063
>             Project: Qpid
>          Issue Type: Bug
>          Components: Website
>         Environment: http://qpid.apache.org/download.html
>            Reporter: Sebb
>            Assignee: Robbie Gemmell
>            Priority: Minor
>
> As the subject says: Please use https (SSL) for links to KEYS, hashes, sigs



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message