-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 10.0.21, 10.1.8
-
Fix Version/s: 5.5.54, 10.0.29, 10.1.21, 10.2.5, 5.5.54-galera, 10.0.29-galera
-
Component/s: Documentation, OTHER
-
Labels:None
-
Environment:Any
I'd like to see several improvements to the code verification for MariaDB. Porters should always have a way to validate that the tarball they've downloaded has not been tampered with.
- Only PGP signed MD5 hashes available for downloadable tarballs. Please update the hashes to SHA256 and provide signatures for these as well.
- Documentation on how to verify your downloaded tarball seems to be missing
- PGP code signing key not published on the website (yet on https://yum.mariadb.org)