Apache POI POI - Dev

[jira] [Resolved] (XMLBEANS-558) Download page gpg example needs second parameter

classic Classic list List threaded Threaded
1 message Options
PJ Fanning (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Resolved] (XMLBEANS-558) Download page gpg example needs second parameter

PJ Fanning (Jira)

     [ https://issues.apache.org/jira/browse/XMLBEANS-558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Beeker resolved XMLBEANS-558.
-------------------------------------
      Assignee: Andreas Beeker
    Resolution: Fixed

Fixed via r1887741

Thanks for pointing out.

>  Download page gpg example needs second parameter
> -------------------------------------------------
>
>                 Key: XMLBEANS-558
>                 URL: https://issues.apache.org/jira/browse/XMLBEANS-558
>             Project: XMLBeans
>          Issue Type: Bug
>            Reporter: Sebb
>            Assignee: Andreas Beeker
>            Priority: Minor
>
> It is important that the file being checked is also specified [1] on the gpg command line [2]
> If the second paramater is omitted, gpg can report success without actually checking the main artifact. This should not happen on correctly constructed ASF downloads, as we only provide detached sigs, but we should not be documenting bad practise.
> Note: the first example is correct, but the sample verification sequence omits the second parameter in:
> gpg --verify xmlbeans-bin-3.1.0.tgz.asc
> [1] https://www.apache.org/info/verification.html#specify_both
> [2] https://xmlbeans.apache.org/download/



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Free forum by Nabble Edit this page