Just FYI: I'm getting invalid signature on Apache-tomcat-7.0.64.tar.gz when I download from http://apache.mirrors.hoobly.com/
Signed with unknown certificate 0x208B0AB1D63011C7. The signature is bad. Sooo, tried again and downloaded from http://www.us.apache.org/dist/ Valid signature this time. I guess it could be a problem on my end with my keys or whatever. But whatever the case is, I don't have any problems with the signature when downloading from http://www.us.apache.org/dist/ David Ray System Administrator | Technical Operations Tarrant County College District | Office: OWTL 3300.B28 2301 Horizon Dr. | Fort Worth, TX 76177 817-515-1843 | Fax 817-515-0812 david....@tccd.edu | www.tccd.edu