[SVN-4736] Download page issues - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None
Environment:

http://subversion.apache.org/download.cgi

Description

The download page has links to sigs and SHA-512 hashes. These use https, which is good.

However the page also contains inline SHA1 hashes. These are not necessarily protected by https. There are SHA1 hashes in the distribution area; it would be best to link to those instead.

The description for verifying hashes does not mention how to check an SHA-512 hash.

The gpg command should read:

gpg --verify subversion-1.10.0.tar.gz.asc subversion-1.10.0.tar.gz

i.e. both the detached sig and the artifact itself should be specified.
See: https://www.apache.org/info/verification.html#CheckingSignatures

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Sebb

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Apr/18 14:44

Updated:: 19/Oct/18 09:56

Resolved:: 19/Oct/18 09:56