Can somebody tell me How to do what is described below you *must* verify the integrity of the downloaded files. We provide PGP signatures for every release file. This signature should be matched against the KEYS <http://www.apache.org/dist/tomcat/tomcat-5/KEYS>file which contains the PGP keys of Tomcat's Release Managers. We also provide an MD5 checksum for every release file. After you download the file, you should calculate a checksum for your download, and make sure it is the same as ours.
-- Varuna Seneviratna No 514 Udumulla Road Battaramulla Sri Lanka Tel : 011-2888620