Posted to notifications@pekko.apache.org by "sebbASF (via GitHub)" <gi...@apache.org> on 2024/03/16 10:27:30 UTC

[I] Broken verification instructions [incubator-pekko-site]

sebbASF opened a new issue, #98:
URL: https://github.com/apache/incubator-pekko-site/issues/98

   The verification instructions at
   https://github.com/apache/incubator-pekko-site/blob/4f171bca3915c06ee5964e9edf35966e4dec323a/content/download.html#L286
   and
   https://github.com/apache/incubator-pekko-site/blob/4f171bca3915c06ee5964e9edf35966e4dec323a/content/download.html#L292
   
   are unnecessarily complicated, and will not work in all situations.
   
   Using 'find' may result in applying the command to additional unrelated downloads, depending on where the files are downloaded. It will only work correctly if the files are in a leaf directory with no other hashes or sigs. Find by default traverses all nested directories. Also Windows has a completely different 'find' command.
   
   In addition, safe GPG verification requires both artifact and signature to be provided on the command line [1].
   
   [1] https://www.apache.org/info/verification.html#CheckingSignatures


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org
For additional commands, e-mail: notifications-help@pekko.apache.org
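
The two points raised in the issue above (no directory-walking `find`, and both signature and artifact passed to gpg), shown as an added example that is not part of the thread or of the Pekko download page. It assumes the `.sha512` and `.asc` files sit beside the artifact, that the `.sha512` file holds a bare digest or `sha512sum`-style line, and that the project's KEYS file has already been imported; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify ONE named release artifact; no 'find', no directory walk.
# Assumption: ARTIFACT.sha512 and ARTIFACT.asc are stored next to ARTIFACT.

sha512_of() {
    # Print the lowercase hex SHA-512 digest of file $1.
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

verify_sha512() {
    # Compare the digest of $1 with the first field of $1.sha512.
    [ -f "$1" ] && [ -f "$1.sha512" ] || { echo "missing $1 or $1.sha512" >&2; return 2; }
    expected=$(tr 'A-F' 'a-f' < "$1.sha512" | awk 'NR==1 {print $1}')
    actual=$(sha512_of "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ] || { echo "SHA-512 mismatch: $1" >&2; return 1; }
}

verify_signature() {
    # Detached signature: name BOTH the .asc and the artifact, so gpg checks
    # exactly the file given rather than whatever it infers from the .asc name.
    [ -f "$1" ] && [ -f "$1.asc" ] || { echo "missing $1 or $1.asc" >&2; return 2; }
    gpg --verify "$1.asc" "$1"
}

verify_release() {
    # Fails closed: any missing file, digest mismatch or bad signature is non-zero.
    verify_sha512 "$1" && verify_signature "$1" && echo "OK: $1"
}

# When run as a script with an argument, verify that single file.
[ "$#" -eq 0 ] || verify_release "$1"
```

A zero exit status from gpg only means the signature is valid for some key in the keyring; the key's fingerprint still has to be compared with the project's published KEYS file.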


Re: [I] Broken verification instructions [incubator-pekko-site]

Posted by "pjfanning (via GitHub)" <gi...@apache.org>.
pjfanning commented on issue #98:
URL: https://github.com/apache/incubator-pekko-site/issues/98#issuecomment-2003232449

   I have updated the instructions - see https://pekko.apache.org/download.html#verifying-downloads




Re: [I] Broken verification instructions [incubator-pekko-site]

Posted by "sebbASF (via GitHub)" <gi...@apache.org>.
sebbASF commented on issue #98:
URL: https://github.com/apache/incubator-pekko-site/issues/98#issuecomment-2004187981

   Thanks, but the first gpg example is unsafe, as it does not include both the signature and the artifact - see the page I linked above.
   It should please be removed.

