You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2017/09/05 13:59:30 UTC
[52/52] qpid-site git commit: tidy up verification instructions a
little, remove some now-redundant instruction
tidy up verification instructions a little, remove some now-redundant instruction
Project: http://git-wip-us.apache.org/repos/asf/qpid-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-site/commit/cb61089b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-site/tree/cb61089b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-site/diff/cb61089b
Branch: refs/heads/asf-site
Commit: cb61089b9b7cb9c78c97777bc56d3d75846f7f56
Parents: b1a4522
Author: Robbie Gemmell <ro...@apache.org>
Authored: Tue Sep 5 14:58:10 2017 +0100
Committer: Robbie Gemmell <ro...@apache.org>
Committed: Tue Sep 5 14:58:10 2017 +0100
----------------------------------------------------------------------
content/download.html | 25 +++++++++----------------
input/download.md | 23 ++++++++---------------
2 files changed, 17 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/cb61089b/content/download.html
----------------------------------------------------------------------
diff --git a/content/download.html b/content/download.html
index 2c46bc8..1f1a849 100644
--- a/content/download.html
+++ b/content/download.html
@@ -222,20 +222,17 @@ using the ASC signatures, MD5 checksums, or SHA checksums.</p>
<p>The signatures can be verified using PGP or GPG. First download
the <a href="http://www.apache.org/dist/qpid/KEYS"><code>KEYS</code></a> file as well as the
-<code>.asc</code> signature file for the relevant artefact. Make sure you get
-these files from the relevant subdirectory of the
-<a href="http://www.apache.org/dist/qpid/">main distribution directory</a>,
-rather than from a mirror. Then verify the signatures using one of the
-following sets of commands.</p>
+<code>.asc</code> signature file for the relevant artefact. Then verify the signatures
+using one of the following sets of commands.</p>
-<pre><code>% pgpk -a KEYS
+<pre><code>% gpg --import KEYS
+% gpg --verify <artifact-name>.asc
+
+% pgpk -a KEYS
% pgpv <artifact-name>.asc
% pgp -ka KEYS
% pgp <artifact-name>.asc
-
-% gpg --import KEYS
-% gpg --verify <artifact-name>.asc
</code></pre>
<p>Alternatively, you can verify the MD5 or SHA checksums of the
@@ -243,13 +240,9 @@ files. Unix programs called <code>md5sum</code>, <code>sha1sum</code> and <code>
<code>sha512</code>) are included in many unix distributions. They are also
available as part of
<a href="http://www.gnu.org/software/coreutils/">GNU Coreutils</a>. For
-Windows users, <a href="http://www.slavasoft.com/fsum/">FSUM</a> supports MD5 and
-SHA1. Ensure your generated checksum string matches the string
-published in the <code>.md5</code> or <code>.sha1</code> file included with each release
-artefact. Again, make sure you get this file from the relevant
-subdirectory of the
-<a href="http://www.apache.org/dist/qpid/">main distribution directory</a>,
-rather than from a mirror.</p>
+Windows users, <a href="http://www.slavasoft.com/fsum/">FSUM</a> supports this.
+Ensure your generated checksum string matches the string
+published in the checksum file included with each release artefact.</p>
<h2 id="more-information">More information</h2>
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/cb61089b/input/download.md
----------------------------------------------------------------------
diff --git a/input/download.md b/input/download.md
index 0cd4a5e..6bce930 100644
--- a/input/download.md
+++ b/input/download.md
@@ -77,11 +77,11 @@ using the ASC signatures, MD5 checksums, or SHA checksums.
The signatures can be verified using PGP or GPG. First download
the [`KEYS`](http://www.apache.org/dist/qpid/KEYS) file as well as the
-`.asc` signature file for the relevant artefact. Make sure you get
-these files from the relevant subdirectory of the
-[main distribution directory](http://www.apache.org/dist/qpid/),
-rather than from a mirror. Then verify the signatures using one of the
-following sets of commands.
+`.asc` signature file for the relevant artefact. Then verify the signatures
+using one of the following sets of commands.
+
+ % gpg --import KEYS
+ % gpg --verify <artifact-name>.asc
% pgpk -a KEYS
% pgpv <artifact-name>.asc
@@ -89,21 +89,14 @@ following sets of commands.
% pgp -ka KEYS
% pgp <artifact-name>.asc
- % gpg --import KEYS
- % gpg --verify <artifact-name>.asc
-
Alternatively, you can verify the MD5 or SHA checksums of the
files. Unix programs called `md5sum`, `sha1sum` and `sha512sum` (or `md5`, `sha1` and
`sha512`) are included in many unix distributions. They are also
available as part of
[GNU Coreutils](http://www.gnu.org/software/coreutils/). For
-Windows users, [FSUM](http://www.slavasoft.com/fsum/) supports MD5 and
-SHA1. Ensure your generated checksum string matches the string
-published in the `.md5` or `.sha1` file included with each release
-artefact. Again, make sure you get this file from the relevant
-subdirectory of the
-[main distribution directory](http://www.apache.org/dist/qpid/),
-rather than from a mirror.
+Windows users, [FSUM](http://www.slavasoft.com/fsum/) supports this.
+Ensure your generated checksum string matches the string
+published in the checksum file included with each release artefact.
## More information
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org