[MDEV-8972] Tarball verification update - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.0.21, 10.1.8
Fix Version/s: 5.5.54, 10.0.29, 10.1.21, 10.2.5, 5.5.54-galera, 10.0.29-galera
Component/s: Documentation, OTHER
Labels:
None
Environment:
Any

Description

I'd like to see several improvements to the code verification for MariaDB. Porters should always have a way to validate that the tarball they've downloaded has not been tampered with.

Only PGP signed MD5 hashes available for downloadable tarballs. Please update the hashes to SHA256 and provide signatures for these as well.
Documentation on how to verify your downloaded tarball seems to be missing
PGP code signing key not published on the website (yet on https://yum.mariadb.org)

Attachments

Activity

People

Assignee:: Daniel Bartholomew

Reporter:: Bernard Spil

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015-10-20 15:41

Updated:: 2017-03-06 20:00

Resolved:: 2017-03-06 20:00

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.