[
https://issues.apache.org/jira/browse/CLOUDSTACK-10280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17295114#comment-17295114
]
Rohit Yadav commented on CLOUDSTACK-10280:
------------------------------------------
[~sebb] Thanks for the ticket. I've fixed the https usage and sha512 file link
on the website now. Pl check and close. On MD5, I've not removed it - is the
deprecation part of ASF policy, is there any email you can point me to.
Also - we're not using Jira anymore, you may want to use Github in future to
get community's attention: http://github.com/apache/cloudstack/issues
> Please use HTTPS for KEYS, sigs and hashes
> ------------------------------------------
>
> Key: CLOUDSTACK-10280
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10280
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Sebb
> Priority: Critical
>
> The download page is generally fine.
> However the links to the KEYS, sigs (PGP) and hashes use http; ideally they
> should use https.
> Also the gpg command should read:
> gpg --verify apache-cloudstack-X.X.X-src.tar.bz2.asc
> apache-cloudstack-X.X.X-src.tar.bz2
> i.e. both the detached sig and the artifact itself should be specified.
> See: https://www.apache.org/info/verification.html#CheckingSignatures
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
