subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From danie...@apache.org
Subject svn commit: r1839066 - /subversion/site/staging/download.html
Date Sat, 25 Aug 2018 14:41:59 GMT
Author: danielsh
Date: Sat Aug 25 14:41:58 2018
New Revision: 1839066

URL: http://svn.apache.org/viewvc?rev=1839066&view=rev
Log:
* download.html: Mention that signatures are better than checksums.
    While here, add some details about sha512sum(1).

Modified:
    subversion/site/staging/download.html

Modified: subversion/site/staging/download.html
URL: http://svn.apache.org/viewvc/subversion/site/staging/download.html?rev=1839066&r1=1839065&r2=1839066&view=diff
==============================================================================
--- subversion/site/staging/download.html (original)
+++ subversion/site/staging/download.html Sat Aug 25 14:41:58 2018
@@ -256,9 +256,11 @@ Other mirrors:
 % gpg --verify subversion-[version].tar.gz.asc subversion-[version].tar.gz
 </code></p>
 
-<p>Alternatively, you can verify the checksums on the
-   files.  A unix program called <code>sha512sum</code>
-   is included in many unix distributions.<br />
+<p>If you're unable to verify the PGP signatures, you can instead verify the checksums
on the files.
+   However, PGP signatures are superior to checksums, and we recommend to verify using PGP
whenever possible.</p>
+
+<p>A unix program called <code>sha512sum</code> is included in many unix
distributions.
+   Run <code>sha512sum subversion-[version].tar.gz</code> to display the hash
of the downloaded file.<br />
    On Windows you can use the following command in a command line window, for
    instance: <code>certutil -hashfile &lt;filename&gt; SHA512</code>.</p>
 



Mime
View raw message