myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Commented] (TOBAGO-1834) Please use HTTPS for the KEYS link
Date Wed, 13 Dec 2017 16:25:00 GMT

    [ https://issues.apache.org/jira/browse/TOBAGO-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289469#comment-16289469
] 

Sebb commented on TOBAGO-1834:
------------------------------

Yes, GPG works. But it's fragile.

If the sig file includes the data (i.e. the sig is not detached), GPG will validate just the
sig file, and will ignore the archive file.
In that case, GPG will not show the warning message and to most people it will look as though
the archive file has been verified.

See the URL cited earlier.

It's an unlikely scenario, but we should not be publishing incorrect instructions.

> Please use HTTPS for the KEYS link
> ----------------------------------
>
>                 Key: TOBAGO-1834
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1834
>             Project: MyFaces Tobago
>          Issue Type: Bug
>         Environment: http://myfaces.apache.org/tobago/download.html
>            Reporter: Sebb
>            Assignee: Udo Schnurpfeil
>            Priority: Minor
>
> As the subject says.
> The download page already uses https for hashes and sigs; it needs to also do so for
the KEYS file please.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message