httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r1793207 - /httpd/site/trunk/content/dev/verification.mdtext
Date Sat, 29 Apr 2017 15:22:13 GMT
Author: niq
Date: Sat Apr 29 15:22:13 2017
New Revision: 1793207

URL: http://svn.apache.org/viewvc?rev=1793207&view=rev
Log:
Fix (hopefully) links in markdown for PGP verification update.

Modified:
    httpd/site/trunk/content/dev/verification.mdtext

Modified: httpd/site/trunk/content/dev/verification.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/dev/verification.mdtext?rev=1793207&r1=1793206&r2=1793207&view=diff
==============================================================================
--- httpd/site/trunk/content/dev/verification.mdtext (original)
+++ httpd/site/trunk/content/dev/verification.mdtext Sat Apr 29 15:22:13 2017
@@ -64,10 +64,10 @@ In this example, you have now received t
 as 'Jim Jagielski <jim@apache.org>' However, you have no way of
 verifying whether these keys were created by the person known as Jim
 Jagielski whose email address is claimed.  In fact, one of them is
-an imposter: see https://evil32.org/ for the story (and this could
-change again at any time).  This doesn't mean that PGP is broken,
-just that you need to look at the full 40-character key fingerprint
-rather than the obsolete 8-character ID.
+an imposter: see [https://evil32.org/] (https://evil32.org/) for the story
+(and this could change again at any time).  This doesn't mean that PGP
+is broken, just that you need to look at the full 40-character key
+fingerprint rather than the vulnerable 8-character ID.
 
 Anyway, let's try to verify the release signature again:
 
@@ -107,9 +107,9 @@ There are two ways to validate Jim's fin
 you a cryptographically-strong chain of trust to Jim's key.
 However, if you are new to PGP, this takes some time and effort.
 A shortcut to a reasonable level of security is to check Jim's
-fingerprint (using https, not http) against the database maintained
-by the Apache foundation of Apache developers' fingerprints at
-https://people.apache.org/keys/committer/ .
+fingerprint (always using https, not http) against [the database
+maintained by the Apache foundation of Apache developers' fingerprints]
+(https://people.apache.org/keys/committer/).
 Note that this shortcut fails catastrophically if the Apache website is
 ever compromised, or if an imposter breaks HTTPS security by obtaining
 a fake certificate and impersonates the site.  Be sure to keep an eye



Mime
View raw message