Hi - I just noticed that the links to the current release asc, md5, and sha512 are currently pointing to the mirrors. These need to be adjusted to point to the location at dist.apache.org. The reason is that a mirror could be compromised or corrupted and these small files used to verify a download should be from the master source.
Regards, Dave
signature.asc
Description: Message signed with OpenPGP
