You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by bo...@apache.org on 2005/05/10 17:21:27 UTC
cvs commit: ant/xdocs bindownload.xml srcdownload.xml
bodewig 2005/05/10 08:21:27
Modified: docs bindownload.html srcdownload.html
xdocs bindownload.xml srcdownload.xml
Log:
Will provide SHA1 checksums soon
Revision Changes Path
1.60 +11 -7 ant/docs/bindownload.html
Index: bindownload.html
===================================================================
RCS file: /home/cvs/ant/docs/bindownload.html,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- bindownload.html 10 May 2005 07:03:31 -0000 1.59
+++ bindownload.html 10 May 2005 15:21:27 -0000 1.60
@@ -238,16 +238,19 @@
<li><code>.zip</code> archive:
<a href="[preferred]/ant/binaries/apache-ant-1.6.3-bin.zip">apache-ant-1.6.3-bin.zip</a>
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.zip.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.zip.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.zip.md5">MD5</a>]</li>
<li><code>.tar.gz</code> archive:
<a href="[preferred]/ant/binaries/apache-ant-1.6.3-bin.tar.gz">apache-ant-1.6.3-bin.tar.gz</a>
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.gz.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.gz.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.gz.md5">MD5</a>]</li>
<li><code>.tar.bz2</code> archive:
<a href="[preferred]/ant/binaries/apache-ant-1.6.3-bin.tar.bz2">apache-ant-1.6.3-bin.tar.bz2</a>
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.bz2.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.bz2.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.bz2.md5">MD5</a>]</li>
</ul>
<h3 class="section">
@@ -270,7 +273,8 @@
Verify Releases
</h3>
<p>It is essential that you verify the integrity of the downloaded
-files using the PGP or MD5 signatures.</p>
+files using the PGP signature or the SHA1 or MD5 checksums. The
+checksums are not as strong indicators as the PGP signature.</p>
<p>The PGP signatures can be verified using PGP or GPG. First
download the <a href="http://www.apache.org/dist/ant/KEYS">KEYS</a>
as well as the <code>asc</code> signature file for the particular
@@ -291,12 +295,12 @@
% gpg --import KEYS<br />
% gpg --verify apache-ant-1.6.3-bin.tar.gz.asc
</code></p>
- <p>Alternatively, you can verify the MD5 signature on the files. A
-unix program called <code>md5</code> or <code>md5sum</code> is
-included in many unix distributions. It is also available as part of
-<a href="http://www.gnu.org/software/textutils/textutils.html">GNU
-Textutils</a>. Windows users can get binary md5 programs from <a href="http://www.fourmilab.ch/md5/">here</a>, <a href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or
-<a href="http://www.slavasoft.com/fsum/">here</a>.</p>
+ <p>Alternatively, you can verify the checksums on the files. Unix
+programs called <code>md5</code>/<code>sha1</code> or
+<code>md5sum</code>/<code>sha1sum</code> are included in many unix
+distributions. <code>*sum</code> is also available as part of <a href="http://www.gnu.org/software/textutils/textutils.html">GNU
+Textutils</a>. Windows users can get binary md5 programs from <a href="http://www.fourmilab.ch/md5/">here</a>, <a href="http://www.pc-tools.net/win32/freeware/console/">here</a>. <a href="http://www.slavasoft.com/fsum/">fsum</a> supports MD5 and
+SHA1.</p>
<p>We highly recommend to verify the PGP signature, though.</p>
</div>
1.57 +11 -7 ant/docs/srcdownload.html
Index: srcdownload.html
===================================================================
RCS file: /home/cvs/ant/docs/srcdownload.html,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- srcdownload.html 10 May 2005 07:03:32 -0000 1.56
+++ srcdownload.html 10 May 2005 15:21:27 -0000 1.57
@@ -236,16 +236,19 @@
<li><code>.zip</code> archive:
<a href="[preferred]/ant/source/apache-ant-1.6.3-src.zip">apache-ant-1.6.3-src.zip</a>
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.zip.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.zip.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.zip.md5">MD5</a>]</li>
<li><code>.tar.gz</code> archive:
<a href="[preferred]/ant/source/apache-ant-1.6.3-src.tar.gz">apache-ant-1.6.3-src.tar.gz</a>
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.gz.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.gz.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.gz.md5">MD5</a>]</li>
<li><code>.tar.bz2</code> archive:
<a href="[preferred]/ant/source/apache-ant-1.6.3-src.tar.bz2">apache-ant-1.6.3-src.tar.bz2</a>
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.bz2.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.bz2.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.bz2.md5">MD5</a>]</li>
</ul>
<h3 class="section">
@@ -268,7 +271,8 @@
Verify Releases
</h3>
<p>It is essential that you verify the integrity of the downloaded
-files using the PGP or MD5 signatures.</p>
+files using the PGP signature or the SHA1 or MD5 checksums. The
+checksums are not as strong indicators as the PGP signature.</p>
<p>The PGP signatures can be verified using PGP or GPG. First
download the <a href="http://www.apache.org/dist/ant/KEYS">KEYS</a>
as well as the <code>asc</code> signature file for the particular
@@ -289,12 +293,12 @@
% gpg --import KEYS<br />
% gpg --verify apache-ant-1.6.3-src.tar.gz.asc
</code></p>
- <p>Alternatively, you can verify the MD5 signature on the files. A
-unix program called <code>md5</code> or <code>md5sum</code> is
-included in many unix distributions. It is also available as part of
-<a href="http://www.gnu.org/software/textutils/textutils.html">GNU
-Textutils</a>. Windows users can get binary md5 programs from <a href="http://www.fourmilab.ch/md5/">here</a>, <a href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or
-<a href="http://www.slavasoft.com/fsum/">here</a>.</p>
+ <p>Alternatively, you can verify the checksums on the files. Unix
+programs called <code>md5</code>/<code>sha1</code> or
+<code>md5sum</code>/<code>sha1sum</code> are included in many unix
+distributions. <code>*sum</code> is also available as part of <a href="http://www.gnu.org/software/textutils/textutils.html">GNU
+Textutils</a>. Windows users can get binary md5 programs from <a href="http://www.fourmilab.ch/md5/">here</a>, <a href="http://www.pc-tools.net/win32/freeware/console/">here</a>. <a href="http://www.slavasoft.com/fsum/">fsum</a> supports MD5 and
+SHA1.</p>
<p>We highly recommend to verify the PGP signature, though.</p>
</div>
1.29 +13 -8 ant/xdocs/bindownload.xml
Index: bindownload.xml
===================================================================
RCS file: /home/cvs/ant/xdocs/bindownload.xml,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- bindownload.xml 28 Apr 2005 14:45:39 -0000 1.28
+++ bindownload.xml 10 May 2005 15:21:27 -0000 1.29
@@ -49,7 +49,6 @@
</section>
-
<section name="Mirror">
<p>You are currently using <b>[preferred]</b>. If you encounter a
@@ -94,16 +93,19 @@
<li><code>.zip</code> archive:
<a href="[preferred]/ant/binaries/apache-ant-1.6.3-bin.zip">apache-ant-1.6.3-bin.zip</a>
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.zip.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.zip.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.zip.md5">MD5</a>]</li>
<li><code>.tar.gz</code> archive:
<a href="[preferred]/ant/binaries/apache-ant-1.6.3-bin.tar.gz">apache-ant-1.6.3-bin.tar.gz</a>
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.gz.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.gz.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.gz.md5">MD5</a>]</li>
<li><code>.tar.bz2</code> archive:
<a href="[preferred]/ant/binaries/apache-ant-1.6.3-bin.tar.bz2">apache-ant-1.6.3-bin.tar.bz2</a>
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.bz2.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.bz2.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/binaries/apache-ant-1.6.3-bin.tar.bz2.md5">MD5</a>]</li>
</ul>
</section>
@@ -130,7 +132,8 @@
<section name="Verify Releases">
<p>It is essential that you verify the integrity of the downloaded
-files using the PGP or MD5 signatures.</p>
+files using the PGP signature or the SHA1 or MD5 checksums. The
+checksums are not as strong indicators as the PGP signature.</p>
<p>The PGP signatures can be verified using PGP or GPG. First
download the <a href="http://www.apache.org/dist/ant/KEYS">KEYS</a>
@@ -155,14 +158,16 @@
% gpg --verify apache-ant-1.6.3-bin.tar.gz.asc
</code></p>
-<p>Alternatively, you can verify the MD5 signature on the files. A
-unix program called <code>md5</code> or <code>md5sum</code> is
-included in many unix distributions. It is also available as part of
-<a href="http://www.gnu.org/software/textutils/textutils.html">GNU
+<p>Alternatively, you can verify the checksums on the files. Unix
+programs called <code>md5</code>/<code>sha1</code> or
+<code>md5sum</code>/<code>sha1sum</code> are included in many unix
+distributions. <code>*sum</code> is also available as part of <a
+href="http://www.gnu.org/software/textutils/textutils.html">GNU
Textutils</a>. Windows users can get binary md5 programs from <a
href="http://www.fourmilab.ch/md5/">here</a>, <a
-href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or
-<a href="http://www.slavasoft.com/fsum/">here</a>.</p>
+href="http://www.pc-tools.net/win32/freeware/console/">here</a>. <a
+href="http://www.slavasoft.com/fsum/">fsum</a> supports MD5 and
+SHA1.</p>
<p>We highly recommend to verify the PGP signature, though.</p>
1.27 +13 -7 ant/xdocs/srcdownload.xml
Index: srcdownload.xml
===================================================================
RCS file: /home/cvs/ant/xdocs/srcdownload.xml,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- srcdownload.xml 28 Apr 2005 14:45:39 -0000 1.26
+++ srcdownload.xml 10 May 2005 15:21:27 -0000 1.27
@@ -90,16 +90,19 @@
<li><code>.zip</code> archive:
<a href="[preferred]/ant/source/apache-ant-1.6.3-src.zip">apache-ant-1.6.3-src.zip</a>
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.zip.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.zip.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.zip.md5">MD5</a>]</li>
<li><code>.tar.gz</code> archive:
<a href="[preferred]/ant/source/apache-ant-1.6.3-src.tar.gz">apache-ant-1.6.3-src.tar.gz</a>
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.gz.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.gz.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.gz.md5">MD5</a>]</li>
<li><code>.tar.bz2</code> archive:
<a href="[preferred]/ant/source/apache-ant-1.6.3-src.tar.bz2">apache-ant-1.6.3-src.tar.bz2</a>
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.bz2.asc">PGP</a>]
+<!--[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.bz2.sha1">SHA1</a>]-->
[<a href="http://www.apache.org/dist/ant/source/apache-ant-1.6.3-src.tar.bz2.md5">MD5</a>]</li>
</ul>
</section>
@@ -126,7 +129,8 @@
<section name="Verify Releases">
<p>It is essential that you verify the integrity of the downloaded
-files using the PGP or MD5 signatures.</p>
+files using the PGP signature or the SHA1 or MD5 checksums. The
+checksums are not as strong indicators as the PGP signature.</p>
<p>The PGP signatures can be verified using PGP or GPG. First
download the <a href="http://www.apache.org/dist/ant/KEYS">KEYS</a>
@@ -151,14 +155,16 @@
% gpg --verify apache-ant-1.6.3-src.tar.gz.asc
</code></p>
-<p>Alternatively, you can verify the MD5 signature on the files. A
-unix program called <code>md5</code> or <code>md5sum</code> is
-included in many unix distributions. It is also available as part of
-<a href="http://www.gnu.org/software/textutils/textutils.html">GNU
+<p>Alternatively, you can verify the checksums on the files. Unix
+programs called <code>md5</code>/<code>sha1</code> or
+<code>md5sum</code>/<code>sha1sum</code> are included in many unix
+distributions. <code>*sum</code> is also available as part of <a
+href="http://www.gnu.org/software/textutils/textutils.html">GNU
Textutils</a>. Windows users can get binary md5 programs from <a
href="http://www.fourmilab.ch/md5/">here</a>, <a
-href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or
-<a href="http://www.slavasoft.com/fsum/">here</a>.</p>
+href="http://www.pc-tools.net/win32/freeware/console/">here</a>. <a
+href="http://www.slavasoft.com/fsum/">fsum</a> supports MD5 and
+SHA1.</p>
<p>We highly recommend to verify the PGP signature, though.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org