You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2017/09/05 13:59:30 UTC

[52/52] qpid-site git commit: tidy up verification instructions a little, remove some now-redundant instruction

tidy up verification instructions a little, remove some now-redundant instruction


Project: http://git-wip-us.apache.org/repos/asf/qpid-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-site/commit/cb61089b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-site/tree/cb61089b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-site/diff/cb61089b

Branch: refs/heads/asf-site
Commit: cb61089b9b7cb9c78c97777bc56d3d75846f7f56
Parents: b1a4522
Author: Robbie Gemmell <ro...@apache.org>
Authored: Tue Sep 5 14:58:10 2017 +0100
Committer: Robbie Gemmell <ro...@apache.org>
Committed: Tue Sep 5 14:58:10 2017 +0100

----------------------------------------------------------------------
 content/download.html | 25 +++++++++----------------
 input/download.md     | 23 ++++++++---------------
 2 files changed, 17 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-site/blob/cb61089b/content/download.html
----------------------------------------------------------------------
diff --git a/content/download.html b/content/download.html
index 2c46bc8..1f1a849 100644
--- a/content/download.html
+++ b/content/download.html
@@ -222,20 +222,17 @@ using the ASC signatures, MD5 checksums, or SHA checksums.</p>
 
 <p>The signatures can be verified using PGP or GPG. First download
 the <a href="http://www.apache.org/dist/qpid/KEYS"><code>KEYS</code></a> file as well as the
-<code>.asc</code> signature file for the relevant artefact. Make sure you get
-these files from the relevant subdirectory of the
-<a href="http://www.apache.org/dist/qpid/">main distribution directory</a>,
-rather than from a mirror. Then verify the signatures using one of the
-following sets of commands.</p>
+<code>.asc</code> signature file for the relevant artefact. Then verify the signatures
+using one of the following sets of commands.</p>
 
-<pre><code>% pgpk -a KEYS
+<pre><code>% gpg --import KEYS
+% gpg --verify &lt;artifact-name&gt;.asc
+
+% pgpk -a KEYS
 % pgpv &lt;artifact-name&gt;.asc
 
 % pgp -ka KEYS
 % pgp &lt;artifact-name&gt;.asc
-
-% gpg --import KEYS
-% gpg --verify &lt;artifact-name&gt;.asc
 </code></pre>
 
 <p>Alternatively, you can verify the MD5 or SHA checksums of the
@@ -243,13 +240,9 @@ files. Unix programs called <code>md5sum</code>, <code>sha1sum</code> and <code>
 <code>sha512</code>) are included in many unix distributions.  They are also
 available as part of
 <a href="http://www.gnu.org/software/coreutils/">GNU Coreutils</a>. For
-Windows users, <a href="http://www.slavasoft.com/fsum/">FSUM</a> supports MD5 and
-SHA1. Ensure your generated checksum string matches the string
-published in the <code>.md5</code> or <code>.sha1</code> file included with each release
-artefact. Again, make sure you get this file from the relevant
-subdirectory of the
-<a href="http://www.apache.org/dist/qpid/">main distribution directory</a>,
-rather than from a mirror.</p>
+Windows users, <a href="http://www.slavasoft.com/fsum/">FSUM</a> supports this.
+Ensure your generated checksum string matches the string
+published in the checksum file included with each release artefact.</p>
 
 <h2 id="more-information">More information</h2>
 

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/cb61089b/input/download.md
----------------------------------------------------------------------
diff --git a/input/download.md b/input/download.md
index 0cd4a5e..6bce930 100644
--- a/input/download.md
+++ b/input/download.md
@@ -77,11 +77,11 @@ using the ASC signatures, MD5 checksums, or SHA checksums.
 
 The signatures can be verified using PGP or GPG. First download
 the [`KEYS`](http://www.apache.org/dist/qpid/KEYS) file as well as the
-`.asc` signature file for the relevant artefact. Make sure you get
-these files from the relevant subdirectory of the
-[main distribution directory](http://www.apache.org/dist/qpid/),
-rather than from a mirror. Then verify the signatures using one of the
-following sets of commands.
+`.asc` signature file for the relevant artefact. Then verify the signatures
+using one of the following sets of commands.
+
+    % gpg --import KEYS
+    % gpg --verify <artifact-name>.asc
 
     % pgpk -a KEYS
     % pgpv <artifact-name>.asc
@@ -89,21 +89,14 @@ following sets of commands.
     % pgp -ka KEYS
     % pgp <artifact-name>.asc
 
-    % gpg --import KEYS
-    % gpg --verify <artifact-name>.asc
-
 Alternatively, you can verify the MD5 or SHA checksums of the
 files. Unix programs called `md5sum`, `sha1sum` and `sha512sum` (or `md5`, `sha1` and
 `sha512`) are included in many unix distributions.  They are also
 available as part of
 [GNU Coreutils](http://www.gnu.org/software/coreutils/). For
-Windows users, [FSUM](http://www.slavasoft.com/fsum/) supports MD5 and
-SHA1. Ensure your generated checksum string matches the string
-published in the `.md5` or `.sha1` file included with each release
-artefact. Again, make sure you get this file from the relevant
-subdirectory of the
-[main distribution directory](http://www.apache.org/dist/qpid/),
-rather than from a mirror.
+Windows users, [FSUM](http://www.slavasoft.com/fsum/) supports this.
+Ensure your generated checksum string matches the string
+published in the checksum file included with each release artefact.
 
 ## More information
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org