httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1011386 - in /websites/staging/httpd/trunk/content: ./ dev/verification.html
Date Sat, 29 Apr 2017 15:22:18 GMT
Author: buildbot
Date: Sat Apr 29 15:22:18 2017
New Revision: 1011386

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/dev/verification.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Apr 29 15:22:18 2017
@@ -1 +1 @@
-1793205
+1793207

Modified: websites/staging/httpd/trunk/content/dev/verification.html
==============================================================================
--- websites/staging/httpd/trunk/content/dev/verification.html (original)
+++ websites/staging/httpd/trunk/content/dev/verification.html Sat Apr 29 15:22:18 2017
@@ -151,10 +151,10 @@ together, so you should be able to conne
 as 'Jim Jagielski <jim@apache.org>' However, you have no way of
 verifying whether these keys were created by the person known as Jim
 Jagielski whose email address is claimed.  In fact, one of them is
-an imposter: see https://evil32.org/ for the story (and this could
-change again at any time).  This doesn't mean that PGP is broken,
-just that you need to look at the full 40-character key fingerprint
-rather than the obsolete 8-character ID.</p>
+an imposter: see [https://evil32.org/] (https://evil32.org/) for the story
+(and this could change again at any time).  This doesn't mean that PGP
+is broken, just that you need to look at the full 40-character key
+fingerprint rather than the vulnerable 8-character ID.</p>
 <p>Anyway, let's try to verify the release signature again:</p>
 <div class="codehilite"><pre><span class="c">% gpg --verify httpd-2.4.18.tar.gz.asc
httpd-2.4.18.tar.gz</span>
 <span class="n">gpg</span><span class="p">:</span> <span class="n">Signature</span>
<span class="n">made</span> <span class="n">Tue</span> <span class="n">Dec</span>
 8 21<span class="p">:</span>32<span class="p">:</span>07 2015 <span
class="n">CET</span> <span class="n">using</span> <span class="n">RSA</span>
<span class="n">key</span> <span class="n">ID</span> 791485<span
class="n">A8</span>
@@ -190,9 +190,9 @@ A93D 62EC C3C8 EA12 DB22  0EC9 34EA 76E6
 you a cryptographically-strong chain of trust to Jim's key.
 However, if you are new to PGP, this takes some time and effort.
 A shortcut to a reasonable level of security is to check Jim's
-fingerprint (using https, not http) against the database maintained
-by the Apache foundation of Apache developers' fingerprints at
-https://people.apache.org/keys/committer/ .
+fingerprint (always using https, not http) against [the database
+maintained by the Apache foundation of Apache developers' fingerprints]
+(https://people.apache.org/keys/committer/).
 Note that this shortcut fails catastrophically if the Apache website is
 ever compromised, or if an imposter breaks HTTPS security by obtaining
 a fake certificate and impersonates the site.  Be sure to keep an eye



Mime
View raw message