You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@commons.apache.org by se...@apache.org on 2015/07/18 15:20:36 UTC

svn commit: r9891 - /release/commons/README.html

Author: sebb
Date: Sat Jul 18 13:20:36 2015
New Revision: 9891

Log:
Use an actual example file name
Note that hashes only provide download checks

Modified:
    release/commons/README.html

Modified: release/commons/README.html
==============================================================================
--- release/commons/README.html (original)
+++ release/commons/README.html Sat Jul 18 13:20:36 2015
@@ -23,16 +23,19 @@
 
 <pre>Always signatures to validate package authenticity, <i>e.g.</i>,
 $ pgpk -a KEYS
-$ pgpv commons.tar.gz.asc
+$ pgpv commons-logging-1.2-bin.tar.gz.asc
 <i>or</i>,
 $ pgp -ka KEYS
-$ pgp commons.tar.gz.asc
+$ pgp commons-logging-1.2-bin.tar.gz.asc
 <i>or</i>
-$ gpg --verify commons.tar.gz.asc
+$ gpg --verify commons-logging-1.2-bin.tar.gz.asc
 </pre>
 
 <p>
-    We also offer MD5 hashes as an alternative to validate the
+    We also offer MD5/SHA hashes as an alternative to validate the
     integrity of the downloaded files. See the
-    <tt><var>distribution</var>.md5</tt> files.
+    <tt><var>distribution</var>.md5/.sha1</tt> files.
+    <br>
+    Note that such hashes are only useful as a check that the file has been downloaded OK.
+    They do not provide any guarantee that the downloaded file is authentic.
 </p>