You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2015/07/18 15:20:36 UTC
svn commit: r9891 - /release/commons/README.html
Author: sebb
Date: Sat Jul 18 13:20:36 2015
New Revision: 9891
Log:
Use an actual example file name
Note that hashes only provide download checks
Modified:
release/commons/README.html
Modified: release/commons/README.html
==============================================================================
--- release/commons/README.html (original)
+++ release/commons/README.html Sat Jul 18 13:20:36 2015
@@ -23,16 +23,19 @@
<pre>Always signatures to validate package authenticity, <i>e.g.</i>,
$ pgpk -a KEYS
-$ pgpv commons.tar.gz.asc
+$ pgpv commons-logging-1.2-bin.tar.gz.asc
<i>or</i>,
$ pgp -ka KEYS
-$ pgp commons.tar.gz.asc
+$ pgp commons-logging-1.2-bin.tar.gz.asc
<i>or</i>
-$ gpg --verify commons.tar.gz.asc
+$ gpg --verify commons-logging-1.2-bin.tar.gz.asc
</pre>
<p>
- We also offer MD5 hashes as an alternative to validate the
+ We also offer MD5/SHA hashes as an alternative to validate the
integrity of the downloaded files. See the
- <tt><var>distribution</var>.md5</tt> files.
+ <tt><var>distribution</var>.md5/.sha1</tt> files.
+ <br>
+ Note that such hashes are only useful as a check that the file has been downloaded OK.
+ They do not provide any guarantee that the downloaded file is authentic.
</p>