Sebb created SVN-4736:
Summary: Download page issues
Issue Type: Bug
The download page has links to sigs and SHA-512 hashes. These use https, which
However the page also contains inline SHA1 hashes. These are not necessarily
protected by https. There are SHA1 hashes in the distribution area; it would be
best to link to those instead.
The description for verifying hashes does not mention how to check an SHA-512
The gpg command should read:
gpg --verify subversion-1.10.0.tar.gz.asc subversion-1.10.0.tar.gz
i.e. both the detached sig and the artifact itself should be specified.
This message was sent by Atlassian JIRA