[ https://issues.apache.org/jira/browse/QPID-8063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294173#comment-16294173 ]
Sebb commented on QPID-8063: ---------------------------- I don't see the updates. Has it been published? Also, there is an issue with the verification instructions: {code} % gpg --verify <artifact-name>.asc should be % gpg --verify <artifact-name>.asc <artifact-name> {code} If the sig file includes the data (i.e. the sig is not detached), GPG will validate just the sig file, and will ignore the archive file. See: https://www.apache.org/info/verification.html#CheckingSignatures It's an unlikely scenario, but we should not be publishing incorrect instructions. > Please use https (SSL) for links to KEYS, hashes, sigs > ------------------------------------------------------ > > Key: QPID-8063 > URL: https://issues.apache.org/jira/browse/QPID-8063 > Project: Qpid > Issue Type: Bug > Components: Website > Environment: http://qpid.apache.org/download.html > Reporter: Sebb > Assignee: Robbie Gemmell > Priority: Minor > > As the subject says: Please use https (SSL) for links to KEYS, hashes, sigs -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org