You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by ta...@apache.org on 2021/01/20 08:27:56 UTC
[myfaces-homepage] 37/46: Add release verification information to
website
This is an automated email from the ASF dual-hosted git repository.
tandraschko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-homepage.git
commit 24daa01c272a64c2173ea94add79dc194bd89135
Author: Paul Nicolucci <pn...@gmail.com>
AuthorDate: Tue Nov 10 13:01:15 2020 -0500
Add release verification information to website
---
core22.md | 2 ++
core23.md | 2 ++
core23next.md | 2 ++
core30.md | 2 ++
core40.md | 2 ++
oldVersions.md | 4 ++++
releaseVerification.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 63 insertions(+)
diff --git a/core22.md b/core22.md
index b02ffa1..63d5015 100644
--- a/core22.md
+++ b/core22.md
@@ -36,6 +36,8 @@ Implementation of the JavaServerâ„¢ Faces (JSF) 2.2 specification.
</dependency>
```
+[Release Verification](/releaseVerification.md ':include')
+
## Configuration
MyFaces core behavior can be customized, adding some web config params into your WEB-INF/web.xml or META-INF/web-fragment.xml file for your custom project in this way:
diff --git a/core23.md b/core23.md
index e5db56e..9b7e2ff 100644
--- a/core23.md
+++ b/core23.md
@@ -36,6 +36,8 @@ Implementation of the JavaServerâ„¢ Faces (JSF) 2.3 specification.
</dependency>
```
+[Release Verification](/releaseVerification.md ':include')
+
## Configuration
MyFaces core behavior can be customized, adding some web config params into your WEB-INF/web.xml or META-INF/web-fragment.xml file for your custom project in this way:
diff --git a/core23next.md b/core23next.md
index e788aa5..da06779 100644
--- a/core23next.md
+++ b/core23next.md
@@ -52,6 +52,8 @@ What are the disadvantages compared to 2.3?
</dependency>
```
+[Release Verification](/releaseVerification.md ':include')
+
## Configuration
MyFaces core behavior can be customized, adding some web config params into your WEB-INF/web.xml or META-INF/web-fragment.xml file for your custom project in this way:
diff --git a/core30.md b/core30.md
index 8cf0d6e..a28c5e9 100644
--- a/core30.md
+++ b/core30.md
@@ -37,6 +37,8 @@ Implementation of the Jakarta Server Faces 3.0 specification.
</dependency>
```
+[Release Verification](/releaseVerification.md ':include')
+
## Configuration
MyFaces core behavior can be customized, adding some web config params into your WEB-INF/web.xml or META-INF/web-fragment.xml file for your custom project in this way:
diff --git a/core40.md b/core40.md
index 2e2115f..1dc3877 100644
--- a/core40.md
+++ b/core40.md
@@ -38,6 +38,8 @@ What are the benefits compared to our older versions?
</dependency>
```
+[Release Verification](/releaseVerification.md ':include')
+
## Configuration
MyFaces core behavior can be customized, adding some web config params into your WEB-INF/web.xml or META-INF/web-fragment.xml file for your custom project in this way:
diff --git a/oldVersions.md b/oldVersions.md
index cd33141..fe2a6ce 100644
--- a/oldVersions.md
+++ b/oldVersions.md
@@ -9,6 +9,8 @@
[Apache MyFaces Core 1.1](#apache-myfaces-core-11)
+[Release Verification](#Verifying-checksums)
+
[2.1](/core21.md ':include')
[2.0](/core20.md ':include')
@@ -16,3 +18,5 @@
[1.2](/core12.md ':include')
[1.1](/core11.md ':include')
+
+[Release Verification](/releaseVerification.md ':include')
diff --git a/releaseVerification.md b/releaseVerification.md
new file mode 100644
index 0000000..9504510
--- /dev/null
+++ b/releaseVerification.md
@@ -0,0 +1,49 @@
+## Verifying checksums
+
+It is essential that you verify the integrity of the downloaded
+files using the PGP and MD5/SHA512 signatures. MD5/SHA512 verification ensures the
+file was not corrupted during the download process. PGP verification
+ensures that the file came from a certain person.
+
+To verify the MD5 signature on the files, you need to use a program
+called _md5_ or _md5sum_, which is
+included in many unix distributions. It is also available as part of
+[GNU Textutils](http://www.gnu.org/software/textutils/textutils.html).
+Windows users can get binary md5 programs from [here](http://www.fourmilab.ch/md5/),
+[here](http://www.pc-tools.net/win32/freeware/console/), or
+[here](http://www.slavasoft.com/fsum/).
+
+To verify the SHA512 signature on the files, you need to use a program called
+e.g. _sha, shasum, sha512sum_ which is included in many unix distributions, MacOS
+and Windows.
+
+## Verifying signatures
+
+PGP verification ensures that the file came from a certain person. We strongly recommend
+you verify your downloads with both PGP and MD5/SHA512.
+
+The PGP signatures can be verified using [PGP](http://www.pgpi.org/) or
+[GPG](http://www.gnupg.org/). First download the Apache MyFaces
+[KEYS](https://www.apache.org/dist/myfaces/KEYS) as well as the _asc_ signature file
+for the particular distribution. It is important that you get these files from the ultimate
+trusted source - the main ASF distribution site, rather than from a mirror.
+Then verify the signatures using:
+
+```
+% pgpk -a KEYS
+% pgpv myfaces-core-X.Y.Z-bin.tar.gz.asc
+```
+
+_or_
+
+```
+% pgp -ka KEYS
+% pgp myfaces-core-X.Y.Z-bin.tar.gz.asc
+```
+
+_or_
+
+```
+% gpg --import KEYS
+% gpg --verify myfaces-core-X.Y.Z-bin.tar.gz.asc
+```
\ No newline at end of file