Uploaded image for project: 'Flagon'
  1. Flagon
  2. FLAGON-288

Download page must not link to dist.apache.org

    XMLWordPrintableJSON

Details

    Description

      The download page currently links to https://dist.apache.org/ for the hashes and sigs.

      However that host is only intended as a staging area for use by developers.

      Please can you change the links to use the ASF webserver instead?

      i.e.. change
      https://dist.apache.org/repos/dist/release/...
      to
      https://www.apache.org/dist/...
      wherever it appears.

      Also the download page should use https (SSL) to link to the KEYS file:

      https://www.apache.org/dist/.../KEYS

      Also the following command:

      $ gpg --verify apache-senssoft-useralejs-1.0.0-src.zip.asc

      should read

      $ gpg --verify apache-senssoft-useralejs-1.0.0-src.zip.asc apache-senssoft-useralejs-1.0.0-src.zip

      i.e. both the detached sig and the artifact itself should be specified.
      See: https://www.apache.org/info/verification.html#CheckingSignatures

      Thanks

      Attachments

        Activity

          People

            lewismc Lewis John McGibbney
            sebb Sebb
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: