From dev-return-38207-archive-asf-public=cust-asf.ponee.io@subversion.apache.org Sat Aug 25 14:44:29 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id DE0A7180654 for ; Sat, 25 Aug 2018 14:44:28 +0200 (CEST) Received: (qmail 43791 invoked by uid 500); 25 Aug 2018 12:44:28 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 43770 invoked by uid 99); 25 Aug 2018 12:44:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Aug 2018 12:44:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id C44A71A2213 for ; Sat, 25 Aug 2018 12:44:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -2.411 X-Spam-Level: X-Spam-Status: No, score=-2.411 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=posteo.de Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id eYoStjQOH9BX for ; Sat, 25 Aug 2018 12:44:25 +0000 (UTC) Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 3CE5B5F437 for ; Sat, 25 Aug 2018 12:44:25 +0000 (UTC) Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id E024120EF7 for ; Sat, 25 Aug 2018 14:44:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1535201058; bh=c02qJwfiFaSdS2y7XyS7iTda0ubWYyZdXz7juePVQF8=; h=Subject:From:To:Cc:Date:From; b=l+2s5Qdwkpu1MAbCjB2g3qCMQzeiGiDIac79LCp1SaRQluiMmBZCqpgf83a0itlJZ huv3gd7tJj15TVfsQU5jEjWhPtBUfP7prOw3vJ0m3qvYsx4i6Jhan3rKSpb5kAUJHr OIb/+VOk2eUWFz/3vYf6foWJBk6OkoZZryMADkC4hTNS6Z1wlNzlmt3XVl1ZDFu2An 5c4JfKSpsvc1GhHLq66WxY7U8Xgif3I2d97kXGWqIAMaYn3+ExpRSBeh9OnR/ahp+B Dh1VHh/D5fHVbMctclYp0g6HK2/WVzM2OlQCHANOAafl81kxrVVusRGZrwqzggdkGO eCsAT6SYpqDmA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 41yHsG18lKz6tm6; Sat, 25 Aug 2018 14:44:17 +0200 (CEST) Subject: Re: svn commit: r1838746 - /subversion/site/staging/download.html From: Stefan To: dev@subversion.apache.org, commits@subversion.apache.org Cc: sebb@apache.org Reply-To: dev@subversion.apache.org References: <20180823180131.C74633A0102@svn01-us-west.apache.org> Message-ID: <7f4068b2-9c42-ca00-dc8d-4c15692746ea@posteo.de> Date: Sat, 25 Aug 2018 14:44:20 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US On 25/08/2018 14:37, Stefan wrote: > On 23/08/2018 20:01, sebb@apache.org wrote: >> Author: sebb >> Date: Thu Aug 23 18:01:30 2018 >> New Revision: 1838746 >> >> URL: http://svn.apache.org/viewvc?rev=1838746&view=rev >> Log: >> SVN-4736 - fix gpg command >> >> Modified: >> subversion/site/staging/download.html >> >> Modified: subversion/site/staging/download.html >> URL: http://svn.apache.org/viewvc/subversion/site/staging/download.html?rev=1838746&r1=1838745&r2=1838746&view=diff >> ============================================================================== >> --- subversion/site/staging/download.html (original) >> +++ subversion/site/staging/download.html Thu Aug 23 18:01:30 2018 >> @@ -253,7 +253,7 @@ Other mirrors: >> or
>> >> % gpg --import subversion.asc
>> -% gpg --verify subversion-[version].tar.gz.asc >> +% gpg --verify subversion-[version].tar.gz.asc subversion-[version].tar.gz > Testing GPG locally (2.2.8 - Windows 10 - bundled version with Gpg4Win > 3.1.2) running the command w/o specifying the filename of the gz archive > works fine: > "gpg: assuming signed data in 'subversion-1.10.2.tar.bz2' [...]" > > Is this command problematic with older GPG versions? If not, why not > keep the command as short as possible and rely on the default resolution > of the archive name? Just saw the referenced SVN issue with the link which gives the missing rational for that change. Thanks for that (should have spotted it before replying). For the record: "If the release file is omitted, GPG will only check the signature against the release file if the signature is a detached signature. If the .asc file is a self-contained signed file, GPG will only check that, and will not verify the release. (This should not happen if the signature file was downloaded from an ASF server, but it is safer to always specify the release filename)" [1] That said, +1 on that change. Feel free to merge it to publish. [1] https://www.apache.org/info/verification.html#CheckingSignatures >>

>> >>

Alternatively, you can verify the checksums on the >> > Regards, Stefan