Sebb created CLIMATE-951:
----------------------------
Summary: Download pages must use HTTPS for sigs, hashes, KEYS
Key: CLIMATE-951
URL: https://issues.apache.org/jira/browse/CLIMATE-951
Project: Apache Open Climate Workbench
Issue Type: Bug
Reporter: Sebb
The download page is generally fine.
However the links to the KEYS, sigs (PGP) and hashes use http; ideally they
should use https.
Also the gpg command should read:
gpg --verify <artifact>.asc <artifact>
i.e. both the detached sig and the artifact itself should be specified.
See: https://www.apache.org/info/verification.html#CheckingSignatures
Further, this sentence links to the same archives twice:
"If you are looking for previous releases of Apache OCW, have a look in the
Apache Archives, or alternatively for even older releases check out the Apache
archives."
Did you mean the second link to reference the incubator archives at
http://archive.apache.org/dist/incubator/climate/?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
