You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@velocity.apache.org by cb...@apache.org on 2021/03/09 09:28:45 UTC
[velocity-site] branch asf-site updated: [site/prod] Add a
'verifying integrity' section do download page
This is an automated email from the ASF dual-hosted git repository.
cbrisson pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/velocity-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new f8edae3 [site/prod] Add a 'verifying integrity' section do download page
f8edae3 is described below
commit f8edae35e7663032d96059da894cb50d1a77a618
Author: Claude Brisson <cl...@renegat.net>
AuthorDate: Tue Mar 9 10:28:40 2021 +0100
[site/prod] Add a 'verifying integrity' section do download page
---
download.html | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/download.html b/download.html
index 894c822..5d43c09 100644
--- a/download.html
+++ b/download.html
@@ -230,6 +230,7 @@ h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover
<ul>
<li><a href="#downloads">Downloads</a><ul>
<li><a href="#mirror-selection">Mirror Selection</a></li>
+<li><a href="#verifying-integrity-of-downloaded-files">Verifying integrity of downloaded files</a></li>
</ul>
</li>
<li><a href="#production-releases">Production releases</a><ul>
@@ -297,10 +298,12 @@ The currently selected mirror is <b>[preferred]</b>. If you encounter a problem
</form>
<p>You may also consult the <a href="https://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p>The <tt>KEYS</tt> link links to the code signing keys used to sign the product.
-The <tt>PGP</tt> links download the OpenPGP compatible signature from our main site.
-The <tt>SHA</tt> links download the checksum from the main site. None of these should be downloaded from the mirrors.</p>
-<p><a href="https://www.apache.org/dist/velocity/KEYS">KEYS</a></p>
+<h3 id="verifying-integrity-of-downloaded-files">Verifying integrity of downloaded files<a class="headerlink" href="#verifying-integrity-of-downloaded-files" title="Permanent link">¶</a></h3>
+<p>It is essential that you <a href="https://www.apache.org/info/verification.html">verify the integrity</a> of all downloaded files using the PGP and/or SHA signatures.</p>
+<p>The <tt>PGP</tt> links download the OpenPGP compatible signature from our main site.
+The <tt>SHA</tt> links download the checksum from the main site.
+None of these should be downloaded from the mirrors.</p>
+<p>Here are the Apache Velocity PGP <a href="https://www.apache.org/dist/velocity/KEYS">KEYS</a> used to sign the files.</p>
<h2 id="production-releases">Production releases<a class="headerlink" href="#production-releases" title="Permanent link">¶</a></h2>
<p>These releases are considered stable and suitable for production.</p>
<h3 id="velocity-engine-23">Velocity Engine 2.3<a class="headerlink" href="#velocity-engine-23" title="Permanent link">¶</a></h3>