You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/24 13:38:35 UTC
[tomcat-connectors] branch master updated: Align with text
currently used on dist.a.o
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-connectors.git
The following commit(s) were added to refs/heads/master by this push:
new 2479474 Align with text currently used on dist.a.o
2479474 is described below
commit 24794746408d0a0b54c30679a7b1705d2fb85e81
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Feb 24 13:37:05 2020 +0000
Align with text currently used on dist.a.o
---
tools/dist/README.html | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/tools/dist/README.html b/tools/dist/README.html
index 1dc53e5..b83b650 100644
--- a/tools/dist/README.html
+++ b/tools/dist/README.html
@@ -34,12 +34,32 @@ nearest mirror site!</a></a></h2>
</p>
<h2><a name="sig">PGP Signatures</a></h2>
-<p>You <strong>must</strong> verify the integrity of the downloaded files.
- We provide OpenPGP signatures for every release file. This signature should
- be matched against the
- <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/KEYS">KEYS</a>
- file which contains the OpenPGP keys of the Release Managers. We also
- provide an <code>SHA1</code> and <code>SHA512</code> checksum for every
- release file. After you download the file, you should calculate a checksum
- for your download, and make sure it is the same as ours.
+<p>All of the release distribution packages have been digitally signed
+ (using PGP or GPG) by the Apache Tomcat Group members that constructed them.
+ There will be an accompanying <SAMP><EM>distribution</EM>.asc</SAMP> file
+ in the same directory as the distribution. The PGP keys can be found
+ at the MIT key repository and within this project's
+ <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/KEYS">KEYS file</a>.
+</p>
+
+<p>Always use the signature files to verify the authenticity
+ of the distribution, <i>e.g.</i>,</p>
+
+<pre>
+% pgpk -a KEYS
+% pgpv tomcat-connectors-1.2.48-src.tar.gz.asc
+<i>or</i>,
+% pgp -ka KEYS
+% pgp tomcat-connectors-1.2.48-src.tar.gz.asc
+<i>or</i>,
+% gpg --import KEYS
+% gpg --verify tomcat-connectors-1.2.48-src.tar.gz.asc
+</pre>
+
+<p>We provide SHA512 hashes as an alternative to validate the integrity
+ of the downloaded files. The program <code>sha512sum<code> is included
+ in many unix distributions. They are also available as part of <a
+ href="https://www.gnu.org/software/coreutils/coreutils.html">GNU
+ Coreutils</a>. Windows users can use <a
+ href="https://sourceforge.net/projects/cyohash/">Cyohash</a>.
</p>
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org