Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 4956 invoked from network); 12 Sep 2007 16:52:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Sep 2007 16:52:55 -0000 Received: (qmail 81579 invoked by uid 500); 12 Sep 2007 16:52:47 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 81542 invoked by uid 500); 12 Sep 2007 16:52:47 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 81508 invoked by uid 99); 12 Sep 2007 16:52:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Sep 2007 09:52:47 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Sep 2007 16:52:52 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 23748714159 for ; Wed, 12 Sep 2007 09:52:32 -0700 (PDT) Message-ID: <10289570.1189615952122.JavaMail.jira@brutus> Date: Wed, 12 Sep 2007 09:52:32 -0700 (PDT) From: "Emmanuel Lecharny (JIRA)" To: dev@directory.apache.org Subject: [jira] Created: (DIR-223) Add some info on download to suggest users to verify the downloaded signature MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Add some info on download to suggest users to verify the downloaded signature ----------------------------------------------------------------------------- Key: DIR-223 URL: https://issues.apache.org/jira/browse/DIR-223 Project: Directory Issue Type: Task Reporter: Emmanuel Lecharny Assignee: Alex Karasulu Priority: Blocker As pointed out by Stefano : Not related to Google Analytics, but I cannot see anywhere a place where you suggest users to verify their downloads (and links to the PGP/MD5 files) and maybe you can fix this while you're there. here is the text we use in Apache JAMES: -------------- Use the links below to download the Apache JAMES Mail Server from one of our mirrors. You *must* verify the integrity of the downloaded files using signatures downloaded from our main distribution directory. ---------------------- Then verify the integrity points to this paragraph: ------------------------- Verify the integrity of the files It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the particular distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using % pgpk -a KEYS % pgpv james-version.tar.gz.asc or % pgp -ka KEYS % pgp james-version.tar.gz.asc or % gpg --import KEYS % gpg --verify james-version.tar.gz.asc ------------------------------- Also make sure you provide the MD5 and PGP links to the official main ASF distribution site (www.apache.org/dist/). As far as I know ASF *requires* signing for releases and strongly suggest to "incentivate" users to verify downloads. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.