[jira] [Commented] (CLOUDSTACK-10280) Please use HTTPS for KEYS, sigs and hashes

Rohit Yadav (Jira) Thu, 04 Mar 2021 08:53:06 -0800


    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17295406#comment-17295406
 ]


Rohit Yadav commented on CLOUDSTACK-10280:
------------------------------------------

PR proposed to fix this - https://github.com/apache/cloudstack/pull/4751/files

> Please use HTTPS for KEYS, sigs and hashes
> ------------------------------------------
>
>                 Key: CLOUDSTACK-10280
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10280
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Sebb
>            Priority: Critical
>
> The download page is generally fine.
> However the links to the KEYS, sigs (PGP) and hashes use http; ideally they 
> should use https.
> Also the gpg command should read:
> gpg --verify apache-cloudstack-X.X.X-src.tar.bz2.asc 
> apache-cloudstack-X.X.X-src.tar.bz2
> i.e. both the detached sig and the artifact itself should be specified.
> See: https://www.apache.org/info/verification.html#CheckingSignatures



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (CLOUDSTACK-10280) Please use HTTPS for KEYS, sigs and hashes

Reply via email to