You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@senssoft.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2018/03/12 16:34:00 UTC
[jira] [Created] (SENSSOFT-288) Download page must not link to
dist.apache.org
Sebb created SENSSOFT-288:
-----------------------------
Summary: Download page must not link to dist.apache.org
Key: SENSSOFT-288
URL: https://issues.apache.org/jira/browse/SENSSOFT-288
Project: SensSoft
Issue Type: Bug
Environment: http://senssoft.incubator.apache.org/releases/
Reporter: Sebb
The download page currently links to [https://dist.apache.org/] for the hashes and sigs.
However that host is only intended as a staging area for use by developers.
Please can you change the links to use the ASF webserver instead?
i.e.. change
[https://dist.apache.org/repos/dist/release/]...
to
[https://www.apache.org/dist/]...
wherever it appears.
Also the download page should use https (SSL) to link to the KEYS file:
[https://www.apache.org/dist/.../KEYS]
Also the following command:
{code:java}
$ gpg --verify apache-senssoft-useralejs-1.0.0-src.zip.asc
{code}
should read
{code:java}
$ gpg --verify apache-senssoft-useralejs-1.0.0-src.zip.asc apache-senssoft-useralejs-1.0.0-src.zip
{code}
i.e. both the detached sig and the artifact itself should be specified.
See: [https://www.apache.org/info/verification.html#CheckingSignatures]
Thanks
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)