Sebb created COCOON-2370:
----------------------------
Summary: Download page gpg example needs second parameter
Key: COCOON-2370
URL: https://issues.apache.org/jira/browse/COCOON-2370
Project: Cocoon
Issue Type: Bug
Components: * Cocoon Core
Reporter: Sebb
It is important that the file being checked is also specified [1] on the gpg
command line [2]
If the second paramater is omitted, gpg can report success without actually
checking the main artifact. This should not happen on correctly constructed ASF
downloads, as we only provide detached sigs, but we should not be documenting
bad practise.
[1] https://www.apache.org/info/verification.html#specify_both
[2] http://cocoon.apache.org/mirror.html
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
