ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43162] New: - Verification for Microsoft Windows incompletely described
Date Sat, 18 Aug 2007 13:19:10 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43162>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43162

           Summary: Verification for Microsoft Windows incompletely
                    described
           Product: Ant
           Version: 1.7.0
          Platform: PC
               URL: http://ant.apache.org/bindownload.cgi#Verify%20Releases
        OS/Version: Windows XP
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
        AssignedTo: dev@ant.apache.org
        ReportedBy: krixel@wp.pl


The description of the verification procedure does not apply to the Windows 
operating system (note the csh prompt).  If I ignore the csh prompt and go on 
with the verification as described, I get the error "File not found" since the 
pgp command does not work at Microsoft.

The correct procedure is to install PGP Desktop for Windows from PGP 
Corporation (which installs a system service, serves as a proxy for your IMAP 
client by default and may make your machine awfully slow), import the keys and 
the signature and make it verify the installer.  The verification result is 
ambiguous because the Mr Levy-Lambert's public key is invalid: it has not been 
registered with PGP Corp.  I have registered the key but Mr Levy-Lambert has 
not confirmed it yet.

I understand your hostile stance regarding Microsoft but would it be possible 
to create a signed cabinet file instead?  Not everyone is allowed to have 
Linux at his workplace.

I would also bring to your attention that the mirrored archive (at least in 
Poland) has a different name than the master archive.  The master signature 
contains a reference to the master archive, not to the mirrored one.  Although 
both compare equal, you cannot know it until you download both, which is 
actually worse for the servers than not mirroring at all.

How I expect you to respond:
1. Provide a signed MSZIP cabinet archive for downloading.
2. Register Mr Levy-Lambert's public key with PGP Corp.
3. Provide relevant information for Microsoft Windows users at the download 
page.
4. Make the mirror an accurate mirror.

Total end user cost of not complying is 1 work day spent on:
- going through Wikipedia to learn what that pgp could possibly stand for;
- registering, downloading, learning, installing and configuring PGP Desktop 
(you have to learn quite a bit just to understand what you are doing);
- waiting for the infected machine to respond;
- trying to guess what it means that verification failed because the key is 
invalid.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message