syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò (JIRA) <>
Subject [jira] [Closed] (SYNCOPE-1330) MD5 should no longer be provided on download pages
Date Mon, 02 Jul 2018 09:49:00 GMT


Francesco Chicchiriccò closed SYNCOPE-1330.
    Resolution: Fixed

MD5 refs removed from downloads and release-process pages (to avoid future issues)
Signature and hash verification adjusted using CXF as template

The updated pages will be published along with next release.

> MD5 should no longer be provided on download pages
> --------------------------------------------------
>                 Key: SYNCOPE-1330
>                 URL:
>             Project: Syncope
>          Issue Type: Bug
>         Environment:
>            Reporter: Sebb
>            Assignee: Francesco Chicchiriccò
>            Priority: Major
> The use of MD5 hashes on download pages was deprecated recently
> MD5 hashes should no longer be generated or linked from the download page.
> [They are only OK for historic releases that don't have other hashes]
> Also there is no point asking users to check both the signature and the hash.
> The signature should be checked; if that is not possible, check the hash.
> Further, the GPG example needs to include the file name as well, e.g.
> gpg --verify syncope-*.zip.asc syncope-*.zip
> [However using "*" to represent the variable part of a file name is not ideal]

This message was sent by Atlassian JIRA

View raw message