From dev-return-38207-archive-asf-public=cust-asf.ponee.io@subversion.apache.org Sat Aug 25 14:44:29 2018
Return-Path:
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by mx-eu-01.ponee.io (Postfix) with SMTP id DE0A7180654
for ; Sat, 25 Aug 2018 14:44:28 +0200 (CEST)
Received: (qmail 43791 invoked by uid 500); 25 Aug 2018 12:44:28 -0000
Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Delivered-To: mailing list dev@subversion.apache.org
Received: (qmail 43770 invoked by uid 99); 25 Aug 2018 12:44:27 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Aug 2018 12:44:27 +0000
Received: from localhost (localhost [127.0.0.1])
by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id C44A71A2213
for ; Sat, 25 Aug 2018 12:44:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -2.411
X-Spam-Level:
X-Spam-Status: No, score=-2.411 tagged_above=-999 required=6.31
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01]
autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
dkim=pass (2048-bit key) header.d=posteo.de
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
with ESMTP id eYoStjQOH9BX for ;
Sat, 25 Aug 2018 12:44:25 +0000 (UTC)
Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65])
by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 3CE5B5F437
for ; Sat, 25 Aug 2018 12:44:25 +0000 (UTC)
Received: from submission (posteo.de [89.146.220.130])
by mout01.posteo.de (Postfix) with ESMTPS id E024120EF7
for ; Sat, 25 Aug 2018 14:44:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017;
t=1535201058; bh=c02qJwfiFaSdS2y7XyS7iTda0ubWYyZdXz7juePVQF8=;
h=Subject:From:To:Cc:Date:From;
b=l+2s5Qdwkpu1MAbCjB2g3qCMQzeiGiDIac79LCp1SaRQluiMmBZCqpgf83a0itlJZ
huv3gd7tJj15TVfsQU5jEjWhPtBUfP7prOw3vJ0m3qvYsx4i6Jhan3rKSpb5kAUJHr
OIb/+VOk2eUWFz/3vYf6foWJBk6OkoZZryMADkC4hTNS6Z1wlNzlmt3XVl1ZDFu2An
5c4JfKSpsvc1GhHLq66WxY7U8Xgif3I2d97kXGWqIAMaYn3+ExpRSBeh9OnR/ahp+B
Dh1VHh/D5fHVbMctclYp0g6HK2/WVzM2OlQCHANOAafl81kxrVVusRGZrwqzggdkGO
eCsAT6SYpqDmA==
Received: from customer (localhost [127.0.0.1])
by submission (posteo.de) with ESMTPSA id 41yHsG18lKz6tm6;
Sat, 25 Aug 2018 14:44:17 +0200 (CEST)
Subject: Re: svn commit: r1838746 - /subversion/site/staging/download.html
From: Stefan
To: dev@subversion.apache.org, commits@subversion.apache.org
Cc: sebb@apache.org
Reply-To: dev@subversion.apache.org
References: <20180823180131.C74633A0102@svn01-us-west.apache.org>
Message-ID: <7f4068b2-9c42-ca00-dc8d-4c15692746ea@posteo.de>
Date: Sat, 25 Aug 2018 14:44:20 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
On 25/08/2018 14:37, Stefan wrote:
> On 23/08/2018 20:01, sebb@apache.org wrote:
>> Author: sebb
>> Date: Thu Aug 23 18:01:30 2018
>> New Revision: 1838746
>>
>> URL: http://svn.apache.org/viewvc?rev=1838746&view=rev
>> Log:
>> SVN-4736 - fix gpg command
>>
>> Modified:
>> subversion/site/staging/download.html
>>
>> Modified: subversion/site/staging/download.html
>> URL: http://svn.apache.org/viewvc/subversion/site/staging/download.html?rev=1838746&r1=1838745&r2=1838746&view=diff
>> ==============================================================================
>> --- subversion/site/staging/download.html (original)
>> +++ subversion/site/staging/download.html Thu Aug 23 18:01:30 2018
>> @@ -253,7 +253,7 @@ Other mirrors:
>> or
>>
>> % gpg --import subversion.asc
>> -% gpg --verify subversion-[version].tar.gz.asc
>> +% gpg --verify subversion-[version].tar.gz.asc subversion-[version].tar.gz
> Testing GPG locally (2.2.8 - Windows 10 - bundled version with Gpg4Win
> 3.1.2) running the command w/o specifying the filename of the gz archive
> works fine:
> "gpg: assuming signed data in 'subversion-1.10.2.tar.bz2' [...]"
>
> Is this command problematic with older GPG versions? If not, why not
> keep the command as short as possible and rely on the default resolution
> of the archive name?
Just saw the referenced SVN issue with the link which gives the missing
rational for that change. Thanks for that (should have spotted it before
replying). For the record:
"If the release file is omitted, GPG will only check the signature
against the release file if the signature is a detached signature. If
the .asc file is a self-contained signed file, GPG will only check that,
and will not verify the release. (This should not happen if the
signature file was downloaded from an ASF server, but it is safer to
always specify the release filename)" [1]
That said, +1 on that change. Feel free to merge it to publish.
[1] https://www.apache.org/info/verification.html#CheckingSignatures
>>
>>
>> Alternatively, you can verify the checksums on the
>>
>
Regards,
Stefan