karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (KARAF-4427) Download pages: no link to KEYS file, no links to MD5 or SHA hashes
Date Wed, 27 Apr 2016 19:51:12 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Sebb reopened KARAF-4427:

Sorry, but there are some problems with the page.

The link for Container 4.0.5 SHA1 is wrong; it should not use closer.cgi

The MD5 and SHA1 files don't exist for Container 3.0.6.
Nor do they exist for either of the Cave versions
These should be created and uploaded.

Also the sig and hash links should really use https:

The verification instructions are a bit misleading.
% gpg \-\-verify apache-karaf-\*.tar.gz.asc apache-karaf-\*.tar.gz
The example above implies that one can use a wild-card on Unix, however that is not the case
if more than one file matches, e.g. if a user downloads binary and source, both will match.

> Download pages: no link to KEYS file, no links to MD5 or SHA hashes
> -------------------------------------------------------------------
>                 Key: KARAF-4427
>                 URL: https://issues.apache.org/jira/browse/KARAF-4427
>             Project: Karaf
>          Issue Type: Bug
>          Components: website
>         Environment: http://karaf.apache.org/download.html
>            Reporter: Sebb
>            Assignee: Jean-Baptiste Onofré
> The download page should have a link to the KEYS file at
> http://www.apache.org/dist/karaf/KEYS
> It should also have links to the signature files (.asc) on the same server.
> Also, download pages are supposed to offer hashes (MD5 and/or SHA) for use in checking
> Further, the download page should recommend that downloaders use the sigs to verify downloads.
> For example, see:
> http://httpd.apache.org/download.cgi

This message was sent by Atlassian JIRA

View raw message