You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucy.apache.org by ma...@apache.org on 2011/08/20 00:05:56 UTC
[lucy-commits] svn commit: r1159794 -
/incubator/lucy/site/trunk/content/lucy/download.mdtext
Author: marvin
Date: Fri Aug 19 22:05:56 2011
New Revision: 1159794
URL: http://svn.apache.org/viewvc?rev=1159794&view=rev
Log:
Prefer GPG for validating release. Eliminate incorrect usages of
"XXXsum --check" and incorrect reference to "SHA1" instead of "SHA512".
Modified:
incubator/lucy/site/trunk/content/lucy/download.mdtext
Modified: incubator/lucy/site/trunk/content/lucy/download.mdtext
URL: http://svn.apache.org/viewvc/incubator/lucy/site/trunk/content/lucy/download.mdtext?rev=1159794&r1=1159793&r2=1159794&view=diff
==============================================================================
--- incubator/lucy/site/trunk/content/lucy/download.mdtext (original)
+++ incubator/lucy/site/trunk/content/lucy/download.mdtext Fri Aug 19 22:05:56 2011
@@ -25,6 +25,11 @@ is used to confirm the identity of these
To verify the OpenPGP signature:
+ $ gpg --import KEYS
+ $ gpg --verify apache-lucy-incubating-X.Y.Z.tar.gz.asc
+
+*or*
+
$ pgpk -a KEYS
$ pgpv apache-lucy-incubating-X.Y.Z.tar.gz.asc
@@ -33,17 +38,15 @@ To verify the OpenPGP signature:
$ pgp -ka KEYS
$ pgp apache-lucy-incubating-X.Y.Z.tar.gz.asc
-*or*
-
- $ gpg --import KEYS
- $ gpg --verify apache-lucy-incubating-X.Y.Z.tar.gz.asc
-
-To verify the MD5 checksum:
+To verify the MD5 checksum, compare the output of a local checksumming
+command against the contents of the .md5 file:
- $ md5sum --check apache-lucy-*.tar.gz.md5
+ $ gpg --print-md MD5 apache-lucy-*.tar.gz
+ $ cat apache-lucy-*.tar.gz.md5
-To verify the SHA1 checksum:
+To verify the SHA512 checksum, use the same comparison technique:
- $ sha1sum --check apache-lucy-*.tar.gz.sha1
+ $ gpg --print-md SHA512 apache-lucy-*.tar.gz
+ $ cat apache-lucy-*.tar.gz.sha