syncope-dev mailing list archives

From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SYNCOPE-1330) MD5 should no longer be provided on download pages
Date Mon, 02 Jul 2018 09:15:00 GMT
Sebb created SYNCOPE-1330:
-----------------------------

             Summary: MD5 should no longer be provided on download pages
                 Key: SYNCOPE-1330
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1330
             Project: Syncope
          Issue Type: Bug
         Environment: http://syncope.apache.org/downloads.html
            Reporter: Sebb


The use of MD5 hashes on download pages was deprecated recently:

https://www.apache.org/dev/release-distribution#sigs-and-sums

MD5 hashes should no longer be generated or linked from the download page.
[They are only OK for historic releases that don't have other hashes]

Also there is no point asking users to check both the signature and the hash.
The signature should be checked; if that is not possible, check the hash.

Further, the GPG example needs to include the file name as well, e.g.

gpg --verify syncope-*.zip.asc syncope-*.zip

[However using "*" to represent the variable part of a file name is not ideal]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
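
The check order described in the message above (signature first, a hash only when the signature cannot be checked, no MD5, explicit file names rather than `*`), as an added shell example that is not part of the original message or of the Syncope download page. The function name `verify_release`, the `.sha512`/`.sha256` companion files and the `<hex>  <filename>` checksum layout are assumptions, as is a release signing key already imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the Syncope project).
# verify_release FILE
#   0 = verified, 1 = verification failed, 2 = nothing acceptable to check.
# Assumes the release signing key is already in the local GnuPG keyring.
verify_release() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # 1. Preferred: detached signature. Signature and signed file are both
    #    named explicitly, with no globbing.
    if [ -f "$file.asc" ] && command -v gpg >/dev/null 2>&1; then
        if gpg --verify "$file.asc" "$file" >/dev/null 2>&1; then
            echo "signature OK: $file"
            return 0
        fi
        # A signature that is present but does not verify is a failure;
        # it is never downgraded to a hash check.
        echo "signature FAILED: $file" >&2
        return 1
    fi

    # 2. Fallback, only when no signature check is possible: SHA-512, then
    #    SHA-256. Assumed layout of the checksum file: "<hex>  <filename>".
    for algo in sha512 sha256; do
        [ -f "$file.$algo" ] || continue
        command -v "${algo}sum" >/dev/null 2>&1 || continue
        expected=$(awk '{ print tolower($1); exit }' "$file.$algo")
        actual=$("${algo}sum" "$file" | awk '{ print $1 }')
        if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
            echo "$algo OK: $file"
            return 0
        fi
        echo "$algo MISMATCH: $file" >&2
        return 1
    done

    # 3. MD5 is not accepted as evidence of integrity.
    [ -f "$file.md5" ] && echo "only MD5 available, not accepted: $file" >&2
    return 2
}
# Usage (placeholder version): verify_release syncope-X.Y.Z.zip
```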
