[
https://issues.apache.org/jira/browse/KNOX-1405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebb reopened KNOX-1405:
------------------------
There is a second reference to the KEYS file in the instructions which should
be a link:
"First download the KEYS file"
Regarding the gpg verify command, it works, but it is bad practice as it is not
secure:
See: https://www.apache.org/info/verification.html#CheckingSignatures
> Download page must link to KEYS and contain verification details
> ----------------------------------------------------------------
>
> Key: KNOX-1405
> URL: https://issues.apache.org/jira/browse/KNOX-1405
> Project: Apache Knox
> Issue Type: Bug
> Components: Release
> Reporter: Sebb
> Assignee: Larry McCay
> Priority: Major
> Fix For: 1.1.0
>
>
> The download page
> https://cwiki.apache.org/confluence/display/KNOX/Release+1.1.0
> does not appear to contain a link to the KEYS file.
> The text "Verifying Apache HTTP Server Releases" should be a link.
> The gpg command should be:
> % gpg --verify knox-1.1.0.zip.asc knox-1.1.0.zip
> i.e. both sig and artifact need to be supplied
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
