Sebb created FLAGON-452:
---------------------------
Summary: Incorrect/incomplete instructions on download page
Key: FLAGON-452
URL: https://issues.apache.org/jira/browse/FLAGON-452
Project: Flagon
Issue Type: Bug
Reporter: Sebb
The download page has some instructions that are not quite right.
$ gpg --verify apache-flagon-{product}-{version}-src.zip.asc
should read
$ gpg --verify apache-flagon-{product}-{version}-src.zip.asc
apache-flagon-{product}-{version}-src.zip
See https://www.apache.org/info/verification.html#specify_both
The "SHA512 Signatures" section refers to md5 and md5sum; it should refer to
sha512 and shasum.
Also the sha512 command does not work for all flavours of unix; it may be
necessary to use:
shasum -a 512
If you actually try comparing the output of the appropriate command with the
contents of the sha512 file, they are somewhat different. So either the text
should be updated to note the format difference (an example would be helpful),
or the sha512 files should be created with the expected format. That would be
best, as the sha512 command can then be used to check the value, as follows:
sha512sum -c apache-flagon-{product}-{version}-src.zip.sha512
(or shasum -a 512 -c)
If you try this currently, it fails because the checksum line is not understood.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
