svn commit: r1644192 - /oodt/cms_site/trunk/content/download.md

Tue, 09 Dec 2014 13:33:12 -0800 

Author: lewismc
Date: Tue Dec  9 21:32:36 2014
New Revision: 1644192

URL: http://svn.apache.org/r1644192
Log:
CMS commit to oodt by lewismc

Modified:
    oodt/cms_site/trunk/content/download.md

Modified: oodt/cms_site/trunk/content/download.md
URL: 
http://svn.apache.org/viewvc/oodt/cms_site/trunk/content/download.md?rev=1644192&r1=1644191&r2=1644192&view=diff
==============================================================================
--- oodt/cms_site/trunk/content/download.md (original)
+++ oodt/cms_site/trunk/content/download.md Tue Dec  9 21:32:36 2014
@@ -61,7 +61,9 @@
        <h4>Official Release</h4>
         <p>
         <b>Semptember-2014</b>: The Latest Apache™ OODT version 0.7 is now 
released and available for download.</p>
+        <p>
         <a href="http://www.apache.org/dyn/closer.cgi/oodt"; class="clear 
actbutton">Download OODT</a>
+        </p>
 
         <h4>Mirrors</h4>
         <p>The link in the Mirrors column below should display a default 
mirror selection based on your inferred location. 
@@ -96,6 +98,24 @@
   </tbody>
 </table>
 
+        <h4>Verify Releases</h4>
+        <p>It is essential that you verify the integrity of the downloaded 
files using the PGP, MD5 and/or SHA signatures. published with every OODT 
release.</p>
+        <p>Please read <a 
href="http://httpd.apache.org/dev/verification.html";>Verifying Apache HTTP 
Server Releases</a> for more information on why you should verify our 
releases.</p>
+        <p>We strongly recommend you verify your downloads with at least both 
PGP and MD5. Guidance for doing so is provided below.</p>
+
+        <h4>PGP Signature</h4>
+        <p>The PGP signatures can be verified using PGP or GPG. First download 
the <a href="http://www.apache.org/dist/oodt/KEYS-0.7.txt";>KEYS</a> as well as 
the asc signature file for the relevant distribution.</p>
+        <p>N.B.Make sure you get these files from the <a 
href="http://www.apache.org/dist/oodt/";>main distribution directory</a>, rather 
than from a mirror. Then verify the signatures using the following:</p>
+        <code>
+        $ gpg --import KEYS 
+        $ gpg --verify apache-gora-X.Y.Z-src.tar.gz.asc
+        </code>
+        <p>The files in the most recent release are signed by B876884A 
2007-12-24  Chris Mattmann (CODE SIGNING KEY) <[email protected]></p>
+
+        <h4>MD5 Signature</h4>
+
+        <h4>Previous Releases</h4>
+
        </div><!-- end main content-->
 <!-- SIDEBAR-->
 <div class="four columns">

Reply via email to