Sebb created SVN-4736:
-------------------------
Summary: Download page issues
Key: SVN-4736
URL: https://issues.apache.org/jira/browse/SVN-4736
Project: Subversion
Issue Type: Bug
Environment: http://subversion.apache.org/download.cgi
Reporter: Sebb
The download page has links to sigs and SHA-512 hashes. These use https, which
is good.
However the page also contains inline SHA1 hashes. These are not necessarily
protected by https. There are SHA1 hashes in the distribution area; it would be
best to link to those instead.
The description for verifying hashes does not mention how to check an SHA-512
hash.
The gpg command should read:
gpg --verify subversion-1.10.0.tar.gz.asc subversion-1.10.0.tar.gz
i.e. both the detached sig and the artifact itself should be specified.
See: https://www.apache.org/info/verification.html#CheckingSignatures
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
