sebbASF opened a new issue, #98: URL: https://github.com/apache/incubator-pekko-site/issues/98
The verification instructions at https://github.com/apache/incubator-pekko-site/blob/4f171bca3915c06ee5964e9edf35966e4dec323a/content/download.html#L286 and https://github.com/apache/incubator-pekko-site/blob/4f171bca3915c06ee5964e9edf35966e4dec323a/content/download.html#L292 are unnecessarily complicated, and will not work in all situations. Using 'find' may result in applying the command to additional unrelated downloads, depending on where the files are downloaded. It will only work correctly if the files are in a leaf directory with no other hashes or sigs. Find by default traverses all nested directories. Also Windows has a completely different 'find' command. In addition, safe GPG verification requires both artifact and signature to be provided on the command line [1]. [1] https://www.apache.org/info/verification.html#CheckingSignatures -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
