Author: markt Date: Mon Jun 11 19:26:06 2012 New Revision: 1348979 URL: http://svn.apache.org/viewvc?rev=1348979&view=rev Log: Make verification text consistent across all components
Modified: tomcat/jk/trunk/tools/dist/README.html Modified: tomcat/jk/trunk/tools/dist/README.html URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/dist/README.html?rev=1348979&r1=1348978&r2=1348979&view=diff ============================================================================== --- tomcat/jk/trunk/tools/dist/README.html (original) +++ tomcat/jk/trunk/tools/dist/README.html Mon Jun 11 19:26:06 2012 @@ -34,35 +34,12 @@ nearest mirror site!</a></a></h2> </p> <h2><a name="sig">PGP Signatures</a></h2> -<p>All of the release distribution packages have been digitally signed - (using PGP or GPG) by the Apache Tomcat Group members that constructed them. - There will be an accompanying <SAMP><EM>distribution</EM>.asc</SAMP> file - in the same directory as the distribution. The PGP keys can be found - at the MIT key repository and within this project's - <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/KEYS">KEYS file</a>. -</p> - -<p>Always use the signature files to verify the authenticity - of the distribution, <i>e.g.</i>,</p> - -<pre> -% pgpk -a KEYS -% pgpv tomcat-connectors-1.2.37-src.tar.gz.asc -<i>or</i>, -% pgp -ka KEYS -% pgp tomcat-connectors-1.2.37-src.tar.gz.asc -<i>or</i>, -% gpg --import KEYS -% gpg --verify tomcat-connectors-1.2.37-src.tar.gz.asc -</pre> - -<p>We offer MD5 and SHA1 hashes as an alternative to validate the integrity - of the downloaded files. A unix program called <code>md5</code> or - <code>md5sum</code> is included in many unix distributions. It is - also available as part of <a - href="http://www.gnu.org/software/textutils/textutils.html">GNU - Textutils</a>. Windows users can get binary md5 programs from <a - href="http://www.fourmilab.ch/md5/">here</a>, <a - href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or - <a href="http://www.slavasoft.com/fsum/">here</a>. -</p> +<p>You <strong>must</strong> verify the integrity of the downloaded files. + We provide OpenPGP signatures for every release file. This signature should + be matched against the + <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/KEYS">KEYS</a> + file which contains the OpenPGP keys of the Release Managers. We also + provide an <code>MD5</code> checksum for every release file. After you + download the file, you should calculate a checksum for your download, and + make sure it is the same as ours. +</p> \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org