You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by rh...@apache.org on 2010/04/29 17:21:43 UTC
svn commit: r939341 - in /db/derby/site/trunk:
build/site/releases/release-10.5.3.0.html
src/documentation/content/xdocs/releases/release-10.5.3.0.html
Author: rhillegas
Date: Thu Apr 29 15:21:42 2010
New Revision: 939341
URL: http://svn.apache.org/viewvc?rev=939341&view=rev
Log:
Add verification instructions to 10.5.3.0 release page.
Modified:
db/derby/site/trunk/build/site/releases/release-10.5.3.0.html
db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.5.3.0.html
Modified: db/derby/site/trunk/build/site/releases/release-10.5.3.0.html
URL: http://svn.apache.org/viewvc/db/derby/site/trunk/build/site/releases/release-10.5.3.0.html?rev=939341&r1=939340&r2=939341&view=diff
==============================================================================
--- db/derby/site/trunk/build/site/releases/release-10.5.3.0.html (original)
+++ db/derby/site/trunk/build/site/releases/release-10.5.3.0.html Thu Apr 29 15:21:42 2010
@@ -423,6 +423,9 @@ document.write("Last Published: " + docu
<li>
<a href="#Build+Environment">Build Environment</a>
</li>
+<li>
+<a href="#Verifying+releases">Verifying releases</a>
+</li>
</ul>
</li>
</ul>
@@ -791,6 +794,26 @@ document.write("Last Published: " + docu
<li>
<strong>Compiler</strong> - The Apple Java 5 compiler was used to compile all classes. Platform-specific code was compiled against the corresponding platform libraries listed above.</li>
</ul>
+<a name="N103D7"></a><a name="Verifying+releases"></a>
+<h3 class="boxed">Verifying releases</h3>
+<p>It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures. MD5 verification ensures the file was not corrupted during the download process. PGP verification ensures that the file came from a certain person.</p>
+<p>The PGP signatures can be verified using <a class="external" href="http://www.pgpi.org/">PGP</a> or <a class="external" href="http://www.gnupg.org/">GPG</a>. First download the Apache Derby <a class="external" href="http://svn.apache.org/repos/asf/db/derby/code/trunk/KEYS">KEYS</a> as well as the <span class="codefrag">asc</span> signature file for the particular distribution. It is important that you get these files from the ultimate trusted source - the main ASF distribution site, rather than from a mirror. Then verify the signatures using ...</p>
+<pre>% pgpk -a KEYS
+% pgpv db-derby-X.Y.tar.gz.asc
+
+<em>or</em>
+
+% pgp -ka KEYS
+% pgp db-derby-X.Y.tar.gz.asc
+
+<em>or</em>
+
+% gpg --import KEYS
+% gpg --verify db-derby-X.Y.tar.gz.asc
+
+</pre>
+<p>To verify the MD5 signature on the files, you need to use a program called <span class="codefrag">md5</span> or <span class="codefrag">md5sum</span>, which is included in many unix distributions. It is also available as part of <a class="external" href="http://www.gnu.org/software/textutils/textutils.html">GNU Textutils</a>. Windows users can get binary md5 programs from <a class="external" href="http://www.fourmilab.ch/md5/">here</a>, <a class="external" href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or <a class="external" href="http://www.slavasoft.com/fsum/">here</a>.</p>
+<p>We strongly recommend you verify your downloads with both PGP and MD5.</p>
</div>
</div>
<!--+
Modified: db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.5.3.0.html
URL: http://svn.apache.org/viewvc/db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.5.3.0.html?rev=939341&r1=939340&r2=939341&view=diff
==============================================================================
--- db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.5.3.0.html (original)
+++ db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.5.3.0.html Thu Apr 29 15:21:42 2010
@@ -597,6 +597,50 @@ Platform-specific code was compiled agai
libraries listed above.</li>
</ul>
+<h2><anchor id="Verifying+releases"/>Verifying releases</h2>
+
+<p>It is essential that you verify the integrity of the downloaded
+files using the PGP and MD5 signatures. MD5 verification ensures the
+file was not corrupted during the download process. PGP verification
+ensures that the file came from a certain person.</p>
+
+<p>The PGP signatures can be verified using
+<a href="http://www.pgpi.org/">PGP</a> or
+<a href="http://www.gnupg.org/">GPG</a>.
+First download the Apache Derby
+<a href="http://svn.apache.org/repos/asf/db/derby/code/trunk/KEYS">KEYS</a>
+as well as the <code>asc</code> signature file for the particular
+distribution. It is important that you get these files from the ultimate
+trusted source - the main ASF distribution site, rather than from a mirror.
+Then verify the signatures using ...</p>
+
+<pre>
+% pgpk -a KEYS
+% pgpv db-derby-X.Y.tar.gz.asc
+
+<em>or</em>
+
+% pgp -ka KEYS
+% pgp db-derby-X.Y.tar.gz.asc
+
+<em>or</em>
+
+% gpg --import KEYS
+% gpg --verify db-derby-X.Y.tar.gz.asc
+
+</pre>
+
+<p>To verify the MD5 signature on the files, you need to use a program
+called <code>md5</code> or <code>md5sum</code>, which is
+included in many unix distributions. It is also available as part of
+<a href="http://www.gnu.org/software/textutils/textutils.html">GNU
+Textutils</a>. Windows users can get binary md5 programs from <a
+href="http://www.fourmilab.ch/md5/">here</a>, <a
+href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or
+<a href="http://www.slavasoft.com/fsum/">here</a>.</p>
+
+<p>We strongly recommend you verify your downloads with both PGP and MD5.</p>
+
</body>
</html>