[tvm-site] branch main updated: Update download page per Apache requirements (#35)

[ju...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

junrushao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tvm-site.git


The following commit(s) were added to refs/heads/main by this push:
     new d0fd993  Update download page per Apache requirements (#35)
d0fd993 is described below

commit d0fd99362334b3729861106c141be507785b6b45
Author: Wuwei Lin <wu...@apache.org>
AuthorDate: Thu Jan 6 18:59:41 2022 -0500

    Update download page per Apache requirements (#35)
---
 download.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/download.md b/download.md
index 47651db..5b61767 100644
--- a/download.md
+++ b/download.md
@@ -17,7 +17,7 @@ Choose your flavor of download from the following links:
 
 | Version | Source | PGP | SHA |
 | ------- | ------ | --- | --- |
-| 0.8.0   | [apache-tvm-src-v0.8.0.tar.gz](https://dist.apache.org/repos/dist/release/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz) | [.asc](https://dist.apache.org/repos/dist/release/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.asc) | [.sha512](https://dist.apache.org/repos/dist/release/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.sha512) |
+| 0.8.0   | [apache-tvm-src-v0.8.0.tar.gz](https://downloads.apache.org/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz) | [.asc](https://downloads.apache.org/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.asc) | [.sha512](https://downloads.apache.org/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.sha512) |
 
 
 
@@ -25,7 +25,7 @@ Choose your flavor of download from the following links:
 
 # Verify the Integrity of the Files
 
-It is essential that you verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.md5 or .sha file). Please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html) for more information on why you should verify our releases.
+It is essential that you verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha512 file). Please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html) for more information on why you should verify our releases.
 
 The PGP signature can be verified using PGP or GPG. First download the [KEYS](https://downloads.apache.org/tvm/KEYS) as well as the .asc signature file for the relevant distribution. Make sure you get these files from the main distribution site, rather than from a mirror. Then verify the signatures using one of the following alternatives:
 
@@ -49,10 +49,10 @@ Alternatively, you can verify the hash on the file.
 Hashes can be calculated using GPG:
 
 ```bash
-$ gpg --print-md SHA1 downloaded_file
+$ gpg --print-md SHA512 downloaded_file
 ```
 
-The output should be compared with the contents of the SHA1 file. Similarly for other hashes (SHA512 MD5 etc) which may be provided.
+The output should be compared with the contents of the SHA512 file.
 
 Windows 7 and later systems should all now have certUtil:
 
@@ -60,4 +60,4 @@ Windows 7 and later systems should all now have certUtil:
 $ certUtil -hashfile pathToFileToCheck
 ```
 
-Unix-like systems (and macOS) will have a utility called `md5`, `md5sum` or `shasum`.
+Unix-like systems (and macOS) will have a utility called `shasum`.