Uploaded image for project: 'XMLBeans'
  1. XMLBeans
  2. XMLBEANS-558

Download page gpg example needs second parameter

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      It is important that the file being checked is also specified [1] on the gpg command line [2]

      If the second paramater is omitted, gpg can report success without actually checking the main artifact. This should not happen on correctly constructed ASF downloads, as we only provide detached sigs, but we should not be documenting bad practise.

      Note: the first example is correct, but the sample verification sequence omits the second parameter in:

      gpg --verify xmlbeans-bin-3.1.0.tgz.asc

      [1] https://www.apache.org/info/verification.html#specify_both
      [2] https://xmlbeans.apache.org/download/

        Attachments

          Activity

            People

            • Assignee:
              kiwiwings Andreas Beeker
              Reporter:
              sebb Sebb
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: