deltaspike-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r915970 - in /websites/staging/deltaspike/trunk/content: ./ download.html
Date Sat, 12 Jul 2014 19:50:53 GMT
Author: buildbot
Date: Sat Jul 12 19:50:53 2014
New Revision: 915970

Staging update by buildbot for deltaspike

    websites/staging/deltaspike/trunk/content/   (props changed)

Propchange: websites/staging/deltaspike/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Sat Jul 12 19:50:53 2014
@@ -1 +1 @@

Modified: websites/staging/deltaspike/trunk/content/download.html
--- websites/staging/deltaspike/trunk/content/download.html (original)
+++ websites/staging/deltaspike/trunk/content/download.html Sat Jul 12 19:50:53 2014
@@ -85,7 +85,7 @@
 <li><a href="#source-distribution">Source Distribution</a></li>
 <li><a href="#maven-dependencies">Maven Dependencies</a></li>
 <li><a href="#previous-releases">Previous Releases</a></li>
-<li><a href="#key-file">KEY-File</a></li>
+<li><a href="#verifying-releases">Verifying Releases</a></li>
 <hr />
@@ -109,8 +109,33 @@
 <p>Details are available <a href="documentation.html#project-configuration-with-maven">here</a>.</p>
 <h1 id="previous-releases">Previous Releases</h1>
 <p>See <a href="" target="_blank">Release-Archive</a></p>
-<h1 id="key-file">KEY-File</h1>
-<p>See <a href=";a=blob_plain;f=keys/KEYS;h=6cb2559835ca809d1eb24bbdae56bd49695b93bd;hb=015dbba89afeb9bc763da72302587695d41af7e7"
+<h1 id="verifying-releases">Verifying Releases</h1>
+<p>It is essential that you verify the integrity of any downloaded files using
+the PGP or MD5 signatures.  For more information on signing artifacts and
+why we do it, check out the
+<a href="">Release Signing FAQ</a>.</p>
+<p>The PGP signatures can be verified using PGP or GPG. First download the <a href="">KEYS</a>
+as well as the asc signature file for the artifact. Make sure you get
+these files from the
+<a href="">main distribution directory</a>,
+rather than from a
+<a href="">mirror</a>.
+Then verify the signatures using e.g.:</p>
+<div class="codehilite"><pre><span class="nv">$ </span>pgpk -a KEYS
+<span class="nv">$ </span>pgpv
+<div class="codehilite"><pre><span class="nv">$ </span>pgp -ka KEYS
+<span class="nv">$ </span>pgp
+<div class="codehilite"><pre><span class="nv">$ </span>gpg --import
+<span class="nv">$ </span>gpg --verify

View raw message