[jira] [Created] (XMLBEANS-558) Download page gpg example needs second parameter

Sebb (Jira) Mon, 15 Mar 2021 16:30:04 -0700

Sebb created XMLBEANS-558:
-----------------------------

             Summary:  Download page gpg example needs second parameter
                 Key: XMLBEANS-558
                 URL: https://issues.apache.org/jira/browse/XMLBEANS-558
             Project: XMLBeans
          Issue Type: Bug
            Reporter: Sebb



It is important that the file being checked is also specified [1] on the gpg 
command line [2]

If the second paramater is omitted, gpg can report success without actually 
checking the main artifact. This should not happen on correctly constructed ASF 
downloads, as we only provide detached sigs, but we should not be documenting 
bad practise.

Note: the first example is correct, but the sample verification sequence omits 
the second parameter in:

gpg --verify xmlbeans-bin-3.1.0.tgz.asc

[1] https://www.apache.org/info/verification.html#specify_both
[2] https://xmlbeans.apache.org/download/



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org

[jira] [Created] (XMLBEANS-558) Download page gpg example needs second parameter

Reply via email to