https://bz.apache.org/bugzilla/show_bug.cgi?id=55808
--- Comment #6 from fedor.brun...@azet.sk --- I agree that PGP is much better solution. The scenario I was thinking of was: 1. User opens TLS secured page https://httpd.apache.org/download.cgi 2. There he finds unsecured download http://apache.lauf-forum.at//httpd/httpd-2.2.31.tar.gz 3. He should now check the integrity using PGP. But if he doesn't use PGP, or know how to use PGP, he could check the SHA-1 hash downloaded from: https://www.apache.org/dist/httpd/httpd-2.2.31.tar.gz.sha1 So the integrity of the downloaded file would be tied to the TLS security of apache.org and SHA-1 security. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
