[Tomcat Wiki] Trivial Update of "FAQ/FDA_Validation" by KonstantinKolinko

[Apache Wiki <wi...@apache.org>]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "FAQ/FDA_Validation" page has been changed by KonstantinKolinko.
The comment on this change is: Updated links and corrected some misprints.
http://wiki.apache.org/tomcat/FAQ/FDA_Validation?action=diff&rev1=3&rev2=4

--------------------------------------------------

  
  Several kinds. They include:
  
-  * There are numerous smaller [[http://jakarta.apache.org/site/vendors.html|vendors]] and several large ones, including IBM, HP, Sun, and Novell, who offer Tomcat consulting and support services, including application auditing, environment assessments, and risk analysis.
+  * There are numerous smaller [[SupportAndTraining|vendors]] and several large ones, including IBM, HP, Sun, and Novell, who offer Tomcat consulting and support services, including application auditing, environment assessments, and risk analysis.
-  * There are numerous vendors in addition to the above consultants, like [[http://www.covalent.net/|Covalent]] and [[http://www.jboss.org/services/prodsupport|JBoss]], who offer 24/7/365 enterprise-level support for Tomcat.
+  * There are numerous vendors in addition to the above consultants, like [[http://www.springsource.com/|SpringSource]] (formerly Covalent) and [[http://www.jboss.org/|JBoss]], who offer 24/7/365 enterprise-level support for Tomcat.
   * The Tomcat [[http://tomcat.apache.org/lists.html|mailing lists]] are extremely active and contain members of many of the above organizations, including contractors available for hire.
  
  <<Anchor(Q5)>>'''How do I know I have a validated release? How do I know no one has tampered with the release package?'''
  
- All Tomcat releases are signed using the Release Manager's [[http://www.pgpi.org/doc/pgpintro|PGP]] key. The key is also available in the KEYS file that ships with every Tomcat release. The same KEYS file is also available in the Tomcat CVS repository ([[http://www.apache.org/dist/tomcat/tomcat-5/KEYS|here]]). The PGP signatures are available on all the Tomcat download pages, and can (and should!) be used to verify the release really is the signed distribution.
+ All Tomcat releases are signed using the Release Manager's [[http://www.pgpi.org/doc/pgpintro|PGP]] key. The key is also available in the KEYS file that ships with every Tomcat release. The same KEYS file is also available in the Tomcat SVN repository ([[https://svn.apache.org/repos/asf/tomcat/trunk/KEYS|here]]). The PGP signatures are available on all the Tomcat download pages, and can (and should!) be used to verify the release really is the signed distribution.
  
- As for tampering: every Tomcat release is also digested using the MD5 algorithm as specified in [[http://www.faqs.org/rfcs/rfc1321.html|RFC1321]]. The MD5 digest is included in all the download pages. Users run MD5 on their local machine to verify that the digest of what they downlaoded is the same as that published in the Apache download pages. That way, users are assured the distribution has not been modified since the Release Manager signed it.
+ As for tampering: every Tomcat release is also digested using the MD5 algorithm as specified in [[http://www.faqs.org/rfcs/rfc1321.html|RFC1321]]. The MD5 digest is included in all the download pages. Users run MD5 on their local machine to verify that the digest of what they downloaded is the same as that published in the Apache download pages. That way, users are assured the distribution has not been modified since the Release Manager signed it.
  
  <<Anchor(Q6)>>'''What about security? I'm concerned about attacks.'''
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org