You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@senssoft.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2018/03/12 16:34:00 UTC

[jira] [Created] (SENSSOFT-288) Download page must not link to dist.apache.org

Sebb created SENSSOFT-288:
-----------------------------

             Summary: Download page must not link to dist.apache.org
                 Key: SENSSOFT-288
                 URL: https://issues.apache.org/jira/browse/SENSSOFT-288
             Project: SensSoft
          Issue Type: Bug
         Environment: http://senssoft.incubator.apache.org/releases/
            Reporter: Sebb


The download page currently links to [https://dist.apache.org/] for the hashes and sigs.

However that host is only intended as a staging area for use by developers.

Please can you change the links to use the ASF webserver instead?

i.e.. change
 [https://dist.apache.org/repos/dist/release/]...
 to
 [https://www.apache.org/dist/]...
 wherever it appears.

Also the download page should use https (SSL) to link to the KEYS file:

[https://www.apache.org/dist/.../KEYS]

Also the following command:
{code:java}
$ gpg --verify apache-senssoft-useralejs-1.0.0-src.zip.asc 
{code}
should read
{code:java}
$ gpg --verify apache-senssoft-useralejs-1.0.0-src.zip.asc apache-senssoft-useralejs-1.0.0-src.zip
{code}
i.e. both the detached sig and the artifact itself should be specified.
 See: [https://www.apache.org/info/verification.html#CheckingSignatures]

Thanks



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)