blautenb 2003/09/04 18:09:58
Modified: src/documentation/content/xdocs mirrors.ehtml
Log:
Added Xindice and PGP instructions
Revision Changes Path
1.4 +60 -1 xml-site/src/documentation/content/xdocs/mirrors.ehtml
Index: mirrors.ehtml
===================================================================
RCS file: /home/cvs/xml-site/src/documentation/content/xdocs/mirrors.ehtml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mirrors.ehtml 4 Sep 2003 12:01:23 -0000 1.3
+++ mirrors.ehtml 5 Sep 2003 01:09:58 -0000 1.4
@@ -1,4 +1,7 @@
<html>
+<head>
+<title>Downloading</title>
+</head>
<body>
<h1>Apache XML Project Downloads</h1>
<h3>Download Notes</h3>
@@ -8,10 +11,19 @@
the links below will direct you to an archive near you.
Alternative
mirror locations are also provided.
</p>
+ <div class="frame note">
+ <div class="label">Note</div>
+ <div class="content">
+ You must <a href="#verify">verify the integrity</a> of the
downloaded
+ files using signatures downloaded from our main distribution
directory.
+ </div>
+ </div>
<p>
The source archives below are the latest release
versions for each sub-project. Access to the latest (and
possibly
unstable) source can be accessed via <a
href="cvs.html">cvs</a>.
+ Archives of old releases can be found at the
+ <a href="http://archive.apache.org/dist/xml";>Apache
Archives</a>.
</p>
<h3>Miror</h3>
@@ -107,5 +119,52 @@
</li>
</ul>
-</body>
+ <p><strong>Xindice</strong> - <em>unsigned</em></p>
+ <ul>
+ <li><a
href="[preferred]/xml/xindice/xml-xindice-1.0.tar.gz">
+ Version 1.0 - tar.gz</a></li>
+ <li><a
href="[preferred]/xml/xindice/xml-xindice-1.0.zip">
+ Version 1.0 - zip</a>
+ </li>
+ </ul>
+
+ <a name="verify"/>
+ <h3>Verify The Integrity of the Files</h3>
+
+ <p>It is essential that you verify the integrity of the
+ downloaded files using the PGP or MD5 signatures.</p>
+
+ <p>The PGP signatures can be verified using PGP or GPG.
+ First download the KEYS as well as the asc/sig signature
+ file for the particular distribution. Make sure you get
+ these files from the main distribution directory, rather
+ than from a mirror. Then verify the signatures using :
+ </p>
+
+ <pre class="code">
+% pgpk -a KEYS
+% pgpv <archive-name>.tar.gz.asc
+</pre>
+<strong>or</strong>
+<pre class="code">
+% pgp -ka KEYS
+% pgp <archive-name>.tar.gz.asc
+</pre>
+<strong>or</strong>
+<pre class="code">
+% gpg --import KEYS
+% gpg --verify <archive-name>.tar.gz.asc
+</pre>
+
+ <p>
+ Alternatively, you can verify the MD5 signature on the files.
+ A unix program called md5 or md5sum is included in many unix
distributions.
+ It is also available as part of
+ <a
href="http://www.gnu.org/directory/text/wordproc/textutils.html";>GNU
Textutils</a>.
+ Windows users can get binary md5 programs from
+ <a href="http://www.fourmilab.ch/md5/";>here</a>,
+ <a href="http://www.pc-tools.net/win32/freeware/console/";>here</a>,
or
+ <a href="http://www.slavasoft.com/fsum/";>here</a>.
+ </p>
+ </body>
</html>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
