You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2018/02/07 05:50:22 UTC

[GitHub] merlimat closed pull request #1193: Added instructions to verify the release artifacts signatures

merlimat closed pull request #1193: Added instructions to verify the release artifacts signatures
URL: https://github.com/apache/incubator-pulsar/pull/1193
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/site/download.md b/site/download.md
index 5d5ffb25f..9aab82fea 100644
--- a/site/download.md
+++ b/site/download.md
@@ -37,7 +37,14 @@ Release | Link | Crypto files
 Binary | [pulsar-{{ site.current_version }}-bin.tar.gz]({{ mirror_url }}-bin.tar.gz) | [asc]({{ dist_url }}-bin.tar.gz.asc), [md5]({{ dist_url }}-bin.tar.gz.md5), [sha512]({{ dist_url }}-bin.tar.gz.sha512)
 Source | [pulsar-{{ site.current_version }}-src.tar.gz]({{ mirror_url }}-src.tar.gz) | [asc]({{ dist_url }}-src.tar.gz.asc), [md5]({{ dist_url }}-src.tar.gz.md5), [sha512]({{ dist_url }}-src.tar.gz.sha512)
 
-{% include admonition.html type="info" content='You can download the [KEYS](http://www.apache.org/dev/release-signing#keys-policy) file for Pulsar <a href="https://www.apache.org/dist/incubator/pulsar/KEYS" download>here</a>.' %}
+### Release Integrity
+
+You must [verify](https://www.apache.org/info/verification.html) the integrity of the downloaded files.
+We provide OpenPGP signatures for every release file. This signature should be matched against the
+[KEYS](https://www.apache.org/dist/incubator/pulsar/KEYS) file which contains the OpenPGP keys of
+Pulsar's Release Managers. We also provide `MD5` and `SHA-512` checksums for every release file.
+After you download the file, you should calculate a checksum for your download, and make sure it is
+the same as ours.
 
 ### Release notes for the {{ site.current_version }} release
 


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services