Author: danielsh Date: Sat Aug 25 14:41:58 2018 New Revision: 1839066 URL: http://svn.apache.org/viewvc?rev=1839066&view=rev Log: * download.html: Mention that signatures are better than checksums. While here, add some details about sha512sum(1).
Modified: subversion/site/staging/download.html Modified: subversion/site/staging/download.html URL: http://svn.apache.org/viewvc/subversion/site/staging/download.html?rev=1839066&r1=1839065&r2=1839066&view=diff ============================================================================== --- subversion/site/staging/download.html (original) +++ subversion/site/staging/download.html Sat Aug 25 14:41:58 2018 @@ -256,9 +256,11 @@ Other mirrors: % gpg --verify subversion-[version].tar.gz.asc subversion-[version].tar.gz </code></p> -<p>Alternatively, you can verify the checksums on the - files. A unix program called <code>sha512sum</code> - is included in many unix distributions.<br /> +<p>If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. + However, PGP signatures are superior to checksums, and we recommend to verify using PGP whenever possible.</p> + +<p>A unix program called <code>sha512sum</code> is included in many unix distributions. + Run <code>sha512sum subversion-[version].tar.gz</code> to display the hash of the downloaded file.<br /> On Windows you can use the following command in a command line window, for instance: <code>certutil -hashfile <filename> SHA512</code>.</p>