climate-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lewis John McGibbney (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLIMATE-951) Download pages must use HTTPS for sigs, hashes, KEYS
Date Wed, 02 May 2018 02:07:00 GMT

     [ https://issues.apache.org/jira/browse/CLIMATE-951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lewis John McGibbney updated CLIMATE-951:
-----------------------------------------
    Affects Version/s: 1.3.0

> Download pages must use HTTPS for sigs, hashes, KEYS
> ----------------------------------------------------
>
>                 Key: CLIMATE-951
>                 URL: https://issues.apache.org/jira/browse/CLIMATE-951
>             Project: Apache Open Climate Workbench
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>         Environment: http://climate.apache.org/downloads.html
>            Reporter: Sebb
>            Priority: Major
>             Fix For: 1.4.0
>
>
> The download page is generally fine.
> However the links to the KEYS, sigs (PGP) and hashes use http; ideally they should use
https.
> Also the gpg command should read:
> gpg --verify <artifact>.asc <artifact>
> i.e. both the detached sig and the artifact itself should be specified.
> See: https://www.apache.org/info/verification.html#CheckingSignatures
> Further, this sentence links to the same archives twice:
> "If you are looking for previous releases of Apache OCW, have a look in the Apache Archives,
or alternatively for even older releases check out the Apache archives."
> Did you mean the second link to reference the incubator archives at http://archive.apache.org/dist/incubator/climate/?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message