This is an automated email from the ASF dual-hosted git repository. jbonofre pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/karaf-site.git
The following commit(s) were added to refs/heads/trunk by this push: new bf887a3 Use HTTPS download links new 6937b85 Merge pull request #69 from wborn/https-download bf887a3 is described below commit bf887a33755b30e1a87101be381c1e5e6427bcd5 Author: Wouter Born <git...@maindrain.net> AuthorDate: Fri Jan 13 11:01:23 2023 +0100 Use HTTPS download links There is a redirect to HTTPS anyhow. If the redirect stops working one day a MITM attack could occur causing users to install malware. Signed-off-by: Wouter Born <git...@maindrain.net> --- download.html | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/download.html b/download.html index f5978e8..d2cbbd5 100644 --- a/download.html +++ b/download.html @@ -18,21 +18,21 @@ permalink: /download <div class="mb-1 text-muted">January 10, 2023</div> <p class="card-text mb-auto"> Binary Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3.zip.sha512">SHA512</a>] </p> <p class="card-text mb-auto"> Source Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3-src.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3-src.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3-src.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3-src.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3-src.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.4.3/apache-karaf-4.4.3-src.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3-src.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.4.3/apache-karaf-4.4.3-src.zip.sha512">SHA512</a>] </p> @@ -48,21 +48,21 @@ permalink: /download <div class="mb-1 text-muted">January 14, 2023</div> <p class="card-text mb-auto"> Binary Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9.zip.sha512">SHA512</a>] </p> <p class="card-text mb-auto"> Source Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9-src.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9-src.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9-src.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9-src.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9-src.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/4.3.9/apache-karaf-4.3.9-src.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9-src.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/4.3.9/apache-karaf-4.3.9-src.zip.sha512">SHA512</a>] </p> @@ -84,11 +84,11 @@ permalink: /download </p> <p class="card-text mb-auto"> Source Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/cave/4.2.1/apache-karaf-cave-4.2.1-src.zip.sha512">SHA512</a>] </p> @@ -108,11 +108,11 @@ permalink: /download </p> <p class="card-text mb-auto"> Source Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/decanter/2.9.0/apache-karaf-decanter-2.9.0-src.zip.sha512">SHA512</a>] </p> @@ -132,11 +132,11 @@ permalink: /download </p> <p class="card-text mb-auto"> Source Distribution : - <a href="http://www.apache.org/dyn/closer.lua/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.tar.gz">tar.gz</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.tar.gz">tar.gz</a> [<a href="https://www.apache.org/dist/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.tar.gz.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.tar.gz.sha512">SHA512</a>] - - <a href="http://www.apache.org/dyn/closer.lua/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.zip">zip</a> + <a href="https://www.apache.org/dyn/closer.lua/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.zip">zip</a> [<a href="https://www.apache.org/dist/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.zip.asc">PGP</a>] [<a href="https://www.apache.org/dist/karaf/cellar/4.2.1/apache-karaf-cellar-4.2.1-src.zip.sha512">SHA512</a>] </p> @@ -557,7 +557,7 @@ permalink: /download <h2 class="pb-3 mb-4 font-italic border-bottom"><i class="fas fa-barcode"></i> Verify the integrity of the files</h2> <p>It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures.<br/><br/> The PGP signatures can be verified using PGP or GPG. First download the <a href="https://www.apache.org/dist/karaf/KEYS">KEYS</a> as well - as the <code>asc</code> signature file for the relevant file. Make sure you get these files from the <a href="http://www.apache.org/dist/karaf">main distribution directory</a>, + as the <code>asc</code> signature file for the relevant file. Make sure you get these files from the <a href="https://www.apache.org/dist/karaf">main distribution directory</a>, rather than from a mirror. Then verify the signatures using, for instance:<br/> <code> % gpg --import KEYS