tinkerpop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From spmalle...@apache.org
Subject [tinkerpop] branch master updated: Added link to verify downloads and updated sha1 to sha512 CTR
Date Wed, 09 Jan 2019 18:26:52 GMT
This is an automated email from the ASF dual-hosted git repository.

spmallette pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git


The following commit(s) were added to refs/heads/master by this push:
     new 8c70d17  Added link to verify downloads and updated sha1 to sha512 CTR
8c70d17 is described below

commit 8c70d17f70b10e53bd0a843bca0ff21b3817de81
Author: Stephen Mallette <spmva@genoprime.com>
AuthorDate: Wed Jan 9 13:26:16 2019 -0500

    Added link to verify downloads and updated sha1 to sha512 CTR
---
 docs/site/home/downloads.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/site/home/downloads.html b/docs/site/home/downloads.html
index 3491ed2..a39a5dc 100644
--- a/docs/site/home/downloads.html
+++ b/docs/site/home/downloads.html
@@ -31,6 +31,7 @@ limitations under the License.
        <li><a href="https://www.nuget.org/packages/Gremlin.Net/">NuGet</a></li>
      </ul>
     </p>
+     <p>Instructions on how to validate downloads via their signatures can be found
<a href="#verify">below</a>.</p>
     <br/>
     <h4>Current Releases</h4>
     <table class="table">
@@ -624,8 +625,9 @@ limitations under the License.
         </tr>
     </table>
     <p><strong>Note</strong> that upgrade documentation was only introduced
at 3.1.1-incubating which is why there are no links "upgrade" links in versions prior to that
one.
+    <a name="verify"></a>
     <h4>Verifying Downloads</h4>
-    <p>All downloads have associated PGP and SHA1 signatures to help verify a distribution
provided by a mirror. To verify a distribution via PGP or GPG first download the
+    <p>All downloads have associated PGP and SHA512 signatures to help verify a distribution
provided by a mirror. To verify a distribution via PGP or GPG first download the
        <a href="https://www.apache.org/dist/tinkerpop/KEYS">KEYS</a> file (it
is important to use the linked file which is from the main distribution directory and not
a
        mirror. Next download the appropriate "asc" signature file for the relevant distribution
(again, this file should come from the <a href="https://www.apache.org/dist/tinkerpop/">main
        distribution directory</a> - note that older releases will have such files in
the <a href="https://archive.apache.org/dist/tinkerpop/">archives</a> or if released
under Apache
@@ -651,7 +653,7 @@ limitations under the License.
       gpg --verify apache-gremlin-console-x.y.z-bin.zip.asc apache-gremlin-console-x.y.z-bin.zip
       </code></pre>
     </p>
-    <p>Alternatively, consider verifying the SHA1 signature on the files. An SHA1 signature
consists of 40 hex characters.
+    <p>Alternatively, consider verifying the SHA512 signature on the files. An SHA512
signature consists of 40 hex characters.
        Ensure that the generated signature string matches the signature string published
in the files above.</p>
  </div>
 </div>


Mime
View raw message