https://bz.apache.org/bugzilla/show_bug.cgi?id=55808
--- Comment #7 from Tom Fredrik Blenning <bfg-...@blenning.no> --- Actually this is a valid bug, but it's a different bug from what you described, this is a degradation attack. Both the SHA-1 checksums and the download are linked to http addresses, but the equivalent https addresses are available. It just so happens that the https addresses do not have a valid security certificate which is a second bug. I'm still convinced that the resolution for this issue is correct, but the two other bugs should be reported, would you like to do so Fedor, or should I do it? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
