luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/website/source/guides
History
Michael Schurter 3c78271ea2 docs: remove partial sig/checksum verification 
Point users to security doc instead. Right now it takes a lot of
explaining to describe to users exactly how to validate the binary and
what the output of the tools used means.

For example, this is the output when validating according to the
instructions in this guide and the linked doc:

```
vagrant@linux:/tmp$ gpg --verify nomad_0.8.7_SHA256SUMS.sig
nomad_0.8.7_SHA256SUMS
gpg: Signature made Fri 11 Jan 2019 09:47:56 PM UTC using RSA key ID
348FFC4C
gpg: Good signature from "HashiCorp Security <security@hashicorp.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 91A6 E7F8 5D05 C656 30BE  F189 5185 2D87 348F
FC4C
vagrant@linux:/tmp$ shasum -a 256 -c nomad_0.8.7_SHA256SUMS
shasum: ./nomad_0.8.7_darwin_amd64.zip:
./nomad_0.8.7_darwin_amd64.zip: FAILED open or read
shasum: ./nomad_0.8.7_linux_386.zip: No such file or directory
./nomad_0.8.7_linux_386.zip: FAILED open or read
shasum: ./nomad_0.8.7_linux_amd64-lxc.zip: No such file or directory
./nomad_0.8.7_linux_amd64-lxc.zip: FAILED open or read
./nomad_0.8.7_linux_amd64.zip: OK
shasum: ./nomad_0.8.7_linux_arm64.zip: No such file or directory
./nomad_0.8.7_linux_arm64.zip: FAILED open or read
shasum: ./nomad_0.8.7_linux_arm.zip: No such file or directory
./nomad_0.8.7_linux_arm.zip: FAILED open or read
shasum: ./nomad_0.8.7_windows_386.zip: No such file or directory
./nomad_0.8.7_windows_386.zip: FAILED open or read
shasum: ./nomad_0.8.7_windows_amd64.zip: No such file or directory
./nomad_0.8.7_windows_amd64.zip: FAILED open or read
shasum: WARNING: 7 listed files could not be read
```

There are only two lines that matter in all of that output:

```
...
gpg: Good signature from "HashiCorp Security <security@hashicorp.com>"
...
./nomad_0.8.7_linux_amd64.zip: OK
...
```

I feel like trying to teach users how to use and interpret these tools
in our deployment guide may be as likely to reduce confidence as
increase it.
2019-03-20 09:36:29 -07:00
..
advanced-scheduling fix link typo 2019-01-28 14:04:46 -05:00
external reformat lxc guide (#5339) 2019-02-21 17:40:22 -05:00
load-balancing docs: fixed broken links to schedulers page 2018-10-08 13:23:14 -04:00
operating-a-job Deprecate IOPS 2018-12-06 15:09:26 -08:00
operations docs: remove partial sig/checksum verification 2019-03-20 09:36:29 -07:00
security guides: Update for globbed namespace rules 2018-12-19 12:48:56 +01:00
spark Update guides/spark 2018-08-25 11:35:56 -05:00
stateful-workloads Portworx guide (#5399) 2019-03-15 11:33:46 -04:00
getting-started.html.md Misc. /guides updates 2018-08-25 11:35:56 -05:00
index.html.markdown Add outage guide and move bootstrapping 2017-02-10 15:30:34 -08:00
ui.html.md Commenting out dead link to demo.nomadproject.io (#5017) 2018-12-18 17:26:51 -05:00