Sebb created SYNCOPE-1330:
-----------------------------
Summary: MD5 should no longer be provided on download pages
Key: SYNCOPE-1330
URL: https://issues.apache.org/jira/browse/SYNCOPE-1330
Project: Syncope
Issue Type: Bug
Environment: http://syncope.apache.org/downloads.html
Reporter: Sebb
The use of MD5 hashes on download pages was deprecated recently
https://www.apache.org/dev/release-distribution#sigs-and-sums
MD5 hashes should no longer be generated or linked from the download page.
[They are only OK for historic releases that don't have other hashes]
Also there is no point asking users to check both the signature and the hash.
The signature should be checked; if that is not possible, check the hash.
Further, the GPG example needs to include the file name as well, e.g.
gpg --verify syncope-*.zip.asc syncope-*.zip
[However using "*" to represent the variable part of a file name is not ideal]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
