Sebb created CXF-7780:
-------------------------
Summary: No need to use both sigs and hashes
Key: CXF-7780
URL: https://issues.apache.org/jira/browse/CXF-7780
Project: CXF
Issue Type: Improvement
Reporter: Sebb
The CXF download page says:
"When downloading from a mirror please check the SHA1/MD5 checksums as well as
verifying the OpenPGP compatible signature available from the main Apache site.
"
MD5 should be dropped as there aren't any.
Also there's no point verifying both.
Generally it's better to check the sig, failing that use a checksum.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
