This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-connectors.git
The following commit(s) were added to refs/heads/master by this push: new 2479474 Align with text currently used on dist.a.o 2479474 is described below commit 24794746408d0a0b54c30679a7b1705d2fb85e81 Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Feb 24 13:37:05 2020 +0000 Align with text currently used on dist.a.o --- tools/dist/README.html | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/tools/dist/README.html b/tools/dist/README.html index 1dc53e5..b83b650 100644 --- a/tools/dist/README.html +++ b/tools/dist/README.html 
@@ -34,12 +34,32 @@ nearest mirror site!</a></a></h2> </p> <h2><a name="sig">PGP Signatures</a></h2> -<p>You <strong>must</strong> verify the integrity of the downloaded files. - We provide OpenPGP signatures for every release file. This signature should - be matched against the - <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/KEYS">KEYS</a> - file which contains the OpenPGP keys of the Release Managers. We also - provide an <code>SHA1</code> and <code>SHA512</code> checksum for every - release file. After you download the file, you should calculate a checksum - for your download, and make sure it is the same as ours. +<p>All of the release distribution packages have been digitally signed + (using PGP or GPG) by the Apache Tomcat Group members that constructed them. + There will be an accompanying <SAMP><EM>distribution</EM>.asc</SAMP> file + in the same directory as the distribution. The PGP keys can be found + at the MIT key repository and within this project's + <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/KEYS">KEYS file</a>. +</p> + +<p>Always use the signature files to verify the authenticity + of the distribution, <i>e.g.</i>,</p> + +<pre> +% pgpk -a KEYS +% pgpv tomcat-connectors-1.2.48-src.tar.gz.asc +<i>or</i>, +% pgp -ka KEYS +% pgp tomcat-connectors-1.2.48-src.tar.gz.asc +<i>or</i>, +% gpg --import KEYS +% gpg --verify tomcat-connectors-1.2.48-src.tar.gz.asc +</pre> + +<p>We provide SHA512 hashes as an alternative to validate the integrity + of the downloaded files. The program <code>sha512sum<code> is included + in many unix distributions. They are also available as part of <a + href="https://www.gnu.org/software/coreutils/coreutils.html">GNU + Coreutils</a>. Windows users can use <a + href="https://sourceforge.net/projects/cyohash/">Cyohash</a>. 
</p> \ No newline at end of file
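Review bot: the added SHA512 paragraph closes the program name with a second opening tag, "<code>sha512sum<code>", so the element is never closed and the rest of the paragraph renders as code; it should be "<code>sha512sum</code>". In the same paragraph, "They are also available" has no plural antecedent after "The program sha512sum", so "It is also available" would read correctly. The KEYS link in the first added paragraph still uses http://; because that file is the trust anchor for the signature check described right after it, an https:// URL would be the safer link. In the <pre> block, "gpg --verify" is given only the .asc file and relies on gpg finding the data file by name; passing the tarball as a second argument makes explicit which file is being verified.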