Return-Path:
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
by cust-asf2.ponee.io (Postfix) with ESMTP id 103E5200C65
for ; Sat, 29 Apr 2017 17:22:21 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
id 0ECCE160BA9; Sat, 29 Apr 2017 15:22:21 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by cust-asf.ponee.io (Postfix) with SMTP id 57782160BA0
for ; Sat, 29 Apr 2017 17:22:20 +0200 (CEST)
Received: (qmail 39878 invoked by uid 500); 29 Apr 2017 15:22:19 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help:
list-unsubscribe:
List-Post:
List-Id:
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 39869 invoked by uid 99); 29 Apr 2017 15:22:19 -0000
Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144)
by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 29 Apr 2017 15:22:19 +0000
Received: from svn01-us-west.apache.org (localhost [127.0.0.1])
by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id CC2FC3A04F3
for ; Sat, 29 Apr 2017 15:22:18 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1011386 - in /websites/staging/httpd/trunk/content: ./
dev/verification.html
Date: Sat, 29 Apr 2017 15:22:18 -0000
To: cvs@httpd.apache.org
From: buildbot@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20170429152218.CC2FC3A04F3@svn01-us-west.apache.org>
archived-at: Sat, 29 Apr 2017 15:22:21 -0000
Author: buildbot
Date: Sat Apr 29 15:22:18 2017
New Revision: 1011386
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/dev/verification.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Apr 29 15:22:18 2017
@@ -1 +1 @@
-1793205
+1793207
Modified: websites/staging/httpd/trunk/content/dev/verification.html
==============================================================================
--- websites/staging/httpd/trunk/content/dev/verification.html (original)
+++ websites/staging/httpd/trunk/content/dev/verification.html Sat Apr 29 15:22:18 2017
@@ -151,10 +151,10 @@ together, so you should be able to conne
as 'Jim Jagielski <jim@apache.org>' However, you have no way of
verifying whether these keys were created by the person known as Jim
Jagielski whose email address is claimed. In fact, one of them is
-an imposter: see https://evil32.org/ for the story (and this could
-change again at any time). This doesn't mean that PGP is broken,
-just that you need to look at the full 40-character key fingerprint
-rather than the obsolete 8-character ID.
+an imposter: see [https://evil32.org/] (https://evil32.org/) for the story
+(and this could change again at any time). This doesn't mean that PGP
+is broken, just that you need to look at the full 40-character key
+fingerprint rather than the vulnerable 8-character ID.
Anyway, let's try to verify the release signature again:
% gpg --verify httpd-2.4.18.tar.gz.asc httpd-2.4.18.tar.gz
gpg: Signature made Tue Dec 8 21:32:07 2015 CET using RSA key ID 791485A8
@@ -190,9 +190,9 @@ A93D 62EC C3C8 EA12 DB22 0EC9 34EA 76E6
you a cryptographically-strong chain of trust to Jim's key.
However, if you are new to PGP, this takes some time and effort.
A shortcut to a reasonable level of security is to check Jim's
-fingerprint (using https, not http) against the database maintained
-by the Apache foundation of Apache developers' fingerprints at
-https://people.apache.org/keys/committer/ .
+fingerprint (always using https, not http) against [the database
+maintained by the Apache foundation of Apache developers' fingerprints]
+(https://people.apache.org/keys/committer/).
Note that this shortcut fails catastrophically if the Apache website is
ever compromised, or if an imposter breaks HTTPS security by obtaining
a fake certificate and impersonates the site. Be sure to keep an eye