syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <>
Subject [jira] [Created] (SYNCOPE-1330) MD5 should no longer be provided on download pages
Date Mon, 02 Jul 2018 09:15:00 GMT
Sebb created SYNCOPE-1330:

             Summary: MD5 should no longer be provided on download pages
                 Key: SYNCOPE-1330
             Project: Syncope
          Issue Type: Bug
            Reporter: Sebb

The use of MD5 hashes on download pages was deprecated recently

MD5 hashes should no longer be generated or linked from the download page.
[They are only OK for historic releases that don't have other hashes]

Also there is no point asking users to check both the signature and the hash.
The signature should be checked; if that is not possible, check the hash.

Further, the GPG example needs to include the file name as well, e.g.

gpg --verify syncope-*.zip.asc syncope-*.zip

[However using "*" to represent the variable part of a file name is not ideal]

This message was sent by Atlassian JIRA

View raw message