Author: danielsh
Date: Sat Aug 25 14:41:58 2018
New Revision: 1839066
URL: http://svn.apache.org/viewvc?rev=1839066&view=rev
Log:
* download.html: Mention that signatures are better than checksums.
While here, add some details about sha512sum(1).
Modified:
subversion/site/staging/download.html
Modified: subversion/site/staging/download.html
URL:
http://svn.apache.org/viewvc/subversion/site/staging/download.html?rev=1839066&r1=1839065&r2=1839066&view=diff
==============================================================================
--- subversion/site/staging/download.html (original)
+++ subversion/site/staging/download.html Sat Aug 25 14:41:58 2018
@@ -256,9 +256,11 @@ Other mirrors:
% gpg --verify subversion-[version].tar.gz.asc subversion-[version].tar.gz
</code></p>
-<p>Alternatively, you can verify the checksums on the
- files. A unix program called <code>sha512sum</code>
- is included in many unix distributions.<br />
+<p>If you're unable to verify the PGP signatures, you can instead verify the
checksums on the files.
+ However, PGP signatures are superior to checksums, and we recommend to
verify using PGP whenever possible.</p>
+
+<p>A unix program called <code>sha512sum</code> is included in many unix
distributions.
+ Run <code>sha512sum subversion-[version].tar.gz</code> to display the hash
of the downloaded file.<br />
On Windows you can use the following command in a command line window, for
instance: <code>certutil -hashfile <filename> SHA512</code>.</p>
