John-A-Davies
commented
3 years ago FYI @nkocsis @nannanli
The binary file zowe-install-packaging/files/fingerprint.pax/HashFiles.class should not be stored in the source repository because it gives a high-priority OMP scan warning. It's currently inside
zowe-install-packaging/files/fingerprint.pax.
The user documentation verify-fingerprint.html directs the user to download that pax file from this repository. The pax file should instead be placed in artifactory, in this directory
https://zowe.jfrog.io/zowe/list/libs-release-local/org/zowe/1.16.0/ or its equivalent for each Zowe release.
The build, the doc. and this repository will need to be amended.
Customer content
Is your feature request related to a problem? Please describe. All users need to be able to dowload fingerprint.pax. If a user wants to run the fingerprint check, access to fingerprint.pax is mandatory for releases before 1.14.0 and optional afterwards.
Describe the solution you'd like fingerprint.pax is located where all users can download it.
Describe alternatives you've considered BOX note.
Additional context Perhaps promote it to Artifactory if and when appropriate.
Engineering team info (eg https://github.com/zowe/explorer-jes/issues/4)
As a user or L2 support agent,
I want to be able to verify the authenticity of a Zowe runtime
so that I can be sure it has the same content as the official, released version.
Details/notes
Doc will need updating to point to new location.
Acceptance Criteria
*Scenario 1: [Title]
Given [context]
And [some more context]...
When [event]
Then [outcome]
And [another outcome]...