httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55808] File integrity verification using MD5 and SHA1
Date Wed, 13 Jan 2016 13:45:23 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=55808

--- Comment #6 from fedor.brunner@azet.sk ---
I agree that PGP is much better solution.

The scenario I was thinking of was:
1. User opens TLS secured page https://httpd.apache.org/download.cgi
2. There he finds unsecured download
http://apache.lauf-forum.at//httpd/httpd-2.2.31.tar.gz
3. He should now check the integrity using PGP. But if he doesn't use PGP, or
know how to use PGP, he could check the SHA-1 hash downloaded from:
https://www.apache.org/dist/httpd/httpd-2.2.31.tar.gz.sha1

So the integrity of the downloaded file would be tied to the TLS security of
apache.org and SHA-1 security.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message