[ https://issues.apache.org/jira/browse/ZOOKEEPER-2292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth resolved ZOOKEEPER-2292. -------------------------------------- Resolution: Fixed Assignee: Chris Nauroth [~elevy], thank you for confirmation. In that case, I'm going to resolve this as a duplicate of ZOOKEEPER-2177. On that issue, I've attached a patch to the Releases page that describes how to verify a release. That patch is still awaiting review and commit. > Sign the download package > ------------------------- > > Key: ZOOKEEPER-2292 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2292 > Project: ZooKeeper > Issue Type: Improvement > Components: build > Reporter: Elias Levy > Assignee: Chris Nauroth > > Current ZK is made available for download as a compressed archive. Within > the archive, there is a cryptographic signature for the ZK JAR file. Alas, > the signature does not cover any of the other executable components that ZK > depends on, such as JARs in the lib directory or the scripts in the bin > directory. These could be tampered with. > The whole download package should be signed and the signature made available > along with it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)