logging.a.o download page needs second parameter for gpg verify

[sebbASF]

The page at https://logging.apache.org/download.html says:

for sigFile in *.asc; do gpg --verify $sigFile; done

That is insecure; gpg verify needs two parameters: the .asc file and the artifact itself.

This is described here:
https://www.apache.org/info/verification.html#specify_both

There is a further issue that the verification instructions are unlikely to work on Windows.

[vy]

@sebbASF, thanks for the heads up! 🙇 Fixed for both l.a.o/download.html and l.a.o/logging-parent/release-review-instructions.html.

[sebbASF]

https://logging.staged.apache.org/logging-parent/release-review-instructions.html has a typo in the for loop

[ppkarwasz]

It should be alright now, thanks