[
https://issues.apache.org/jira/browse/KARAF-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebb reopened KARAF-4427:
-------------------------
Sorry, but there are some problems with the page.
The link for Container 4.0.5 SHA1 is wrong; it should not use closer.cgi
The MD5 and SHA1 files don't exist for Container 3.0.6.
Nor do they exist for either of the Cave versions
These should be created and uploaded.
Also the sig and hash links should really use https:
The verification instructions are a bit misleading.
{quote}
% gpg \-\-verify apache-karaf-\*.tar.gz.asc apache-karaf-\*.tar.gz
{quote}
The example above implies that one can use a wild-card on Unix, however that is
not the case if more than one file matches, e.g. if a user downloads binary and
source, both will match.
> Download pages: no link to KEYS file, no links to MD5 or SHA hashes
> -------------------------------------------------------------------
>
> Key: KARAF-4427
> URL: https://issues.apache.org/jira/browse/KARAF-4427
> Project: Karaf
> Issue Type: Bug
> Components: website
> Environment: http://karaf.apache.org/download.html
> Reporter: Sebb
> Assignee: Jean-Baptiste Onofré
>
> The download page should have a link to the KEYS file at
> http://www.apache.org/dist/karaf/KEYS
> It should also have links to the signature files (.asc) on the same server.
> Also, download pages are supposed to offer hashes (MD5 and/or SHA) for use in
> checking downloads.
> Further, the download page should recommend that downloaders use the sigs to
> verify downloads.
> For example, see:
> http://httpd.apache.org/download.cgi
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
