What's up with http://xerces.apache.org/mirrors.cgi?
For a page that says, "It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures," it's a bit worrying that the link to the latest release produces an HTTP 404 and the repository mirrors have a newer version that is not mentioned on the above-linked page. Looking back through the archives, I can see that there was discussion of releasing 3.1.3, so I assume that the release is legitimate. Following the link to the PGP signature from that page and then changing the version number in the URL produces a PGP signature which verifies the 3.1.3 download as signed by Scott Cantor. I guess it's okay... Any chance we could get the download page updated with the latest release? Regards, Tom
