You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2018/07/11 10:06:45 UTC

couchdb-www git commit: better instructions

Repository: couchdb-www
Updated Branches:
  refs/heads/asf-site 297e789bd -> fc07de36e


better instructions


Project: http://git-wip-us.apache.org/repos/asf/couchdb-www/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-www/commit/fc07de36
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-www/tree/fc07de36
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-www/diff/fc07de36

Branch: refs/heads/asf-site
Commit: fc07de36eb87586c254f0841fb4fa35c89c4d3b6
Parents: 297e789
Author: Jan Lehnardt <ja...@apache.org>
Authored: Wed Jul 11 11:01:10 2018 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Wed Jul 11 11:01:10 2018 +0200

----------------------------------------------------------------------
 index.html           |  4 ++--
 verify-downloads.txt | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-www/blob/fc07de36/index.html
----------------------------------------------------------------------
diff --git a/index.html b/index.html
index 1b3a69d..436993c 100644
--- a/index.html
+++ b/index.html
@@ -619,7 +619,7 @@ Thanks to Yohei Shimomae and the Apache Cordova team for the original design.
           </li>
         </ul>
         <div>
-          All source tarballs and release binaries are signed with <a href="https://www.apache.org/dist/couchdb/KEYS">one of these GPG keys</a>. You can verify a release by importing the key file and running <code>gpg --verify /path/to/downloaded/file.asc</code>
+          <a href="verify-downloads.txt">Instructions for verifying downloads.</a>
         </div>
       </div>
 
@@ -687,7 +687,7 @@ Thanks to Yohei Shimomae and the Apache Cordova team for the original design.
 
 
         <div>
-          All source tarballs and release binaries are signed with <a href="https://www.apache.org/dist/couchdb/KEYS">one of these GPG keys</a>. You can verify a release by importing the key file and running <code>gpg --verify /path/to/downloaded/file.asc</code>
+          <a href="verify-downloads.txt">Instructions for verifying downloads.</a>
         </div>
       </div>
 

http://git-wip-us.apache.org/repos/asf/couchdb-www/blob/fc07de36/verify-downloads.txt
----------------------------------------------------------------------
diff --git a/verify-downloads.txt b/verify-downloads.txt
new file mode 100644
index 0000000..10b1ae1
--- /dev/null
+++ b/verify-downloads.txt
@@ -0,0 +1,11 @@
+All source tarballs and release binaries are signed with one of these GPG keys: https://www.apache.org/dist/couchdb/KEYS
+
+You can verify a release by importing the key file and running:
+
+    gpg --import KEYS
+    gpg --verify /path/to/downloaded/file.asc
+
+In addition, we produce hashes for the download files with sha256 and sha512. You can validate those hashes:
+
+    shasum -n 256 /path/to/downloaded/file.sha256
+    shasum -n 512 /path/to/downloaded/file.sha512