We should prune torrent to just the releases supported by Fedora: N-1, N and prune everything else from the server. Email which sparked this:
On Mon, 3 Jun 2019 at 10:10, email@example.com wrote:
Just to point out the problematic download and security layout on your website. The spins page lists links to download the latest versions. The alternative downloads page (https://torrent.fedoraproject.org/) lists numerous releases, including security and older versions of the spins. Unfortunately, no direct download is provided for older versions of spins, only torrents. Worse, the available checksums on the verification page, which includes signature verification using older version keys, are only for current (30) versions, with none provided for older versions including 28. The actual link at the foot of the torrents list redirects to another page (https://fedoraproject.org/wiki/Distribution/Download/BitTorrent), which in turn links to the installation guide, which in turn links to an outdated verification page which then links back to the getfedora.org page. None of these provide a means to verify a single version of Fedora other than the latest spins. External download pages like those at www.getmyos.com lack verification means. A single University mirror retains olders versions, thankfully with checksums, though these cannot be verified at the fedora site itself.
I suggest at least including prominent verification checksums for all torrent versions, which in turn could also be used where isos are downloaded from external sources.
Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: deprecated, downloads
to comment on this ticket.