You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xalan.apache.org by dl...@apache.org on 2001/05/07 17:27:44 UTC

cvs commit: xml-xalan/java/xdocs/sources/xalan faq.xml

dleslie     01/05/07 08:27:44

  Modified:    java/xdocs/sources/xalan faq.xml
  Log:
  Added faq on using .sig files to verify authenticity of a download file.
  
  Revision  Changes    Path
  1.6       +19 -1     xml-xalan/java/xdocs/sources/xalan/faq.xml
  
  Index: faq.xml
  ===================================================================
  RCS file: /home/cvs/xml-xalan/java/xdocs/sources/xalan/faq.xml,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- faq.xml	2001/03/13 21:01:07	1.5
  +++ faq.xml	2001/05/07 15:27:36	1.6
  @@ -137,5 +137,23 @@
          <code>xmlns:foo="http://my-namespace"</code></p>       
          <p>Then you can use foo: in your XPath expression.</p>
          <p>Hint: Don't use default namespaces, and the problem doesn't arise.</p></a>
  -    </faq>   
  +    </faq>
  +       
  +    <faq title="Using the 'signature' file to verify a download">
  +      <q>How does I use the "signature" file to verify my download?</q>
  +      <a>
  +        <p>For each Xalan download file in <resource-ref idref="xslt4j-distdir"/>, there is a corresponding signature file. 
  +        The signature file for xalan-j_2_0_1.tar.gz, for example, is xalan-j_2_0_1.tar.gz.sig.</p>
  +        <p>The .sig files are PGP signatures of the actual .zip or .tar.gz
  +        download files.  You can use these files to verify the authenticiy of the download. You do not need the .sig file to 
  +        use the corresponding donwload file.</p>
  +        <p>To check the authenticity of a Xalan distribution, you need a copy of
  +        PGP which is available in a number of licenses, including some free
  +        non-commercial licenses, either from an mit.edu site or on
  +        the pgp.com site. Once you have a version of PGP installed, you
  +        should be able to 'verify the signature' of the .sig file, which basically verifies that the corresponding 
  +        .zip or tar.gz file has not been changed since we signed it.</p>
  +      </a>
  +    </faq>
  +
   </faqs>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-cvs-help@xml.apache.org