tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Trivial Update of "FAQ/FDA_Validation" by KonstantinKolinko
Date Sun, 28 Mar 2010 02:52:19 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "FAQ/FDA_Validation" page has been changed by KonstantinKolinko.
The comment on this change is: Updated links and corrected some misprints.
http://wiki.apache.org/tomcat/FAQ/FDA_Validation?action=diff&rev1=3&rev2=4

--------------------------------------------------

  
  Several kinds. They include:
  
-  * There are numerous smaller [[http://jakarta.apache.org/site/vendors.html|vendors]] and
several large ones, including IBM, HP, Sun, and Novell, who offer Tomcat consulting and support
services, including application auditing, environment assessments, and risk analysis.
+  * There are numerous smaller [[SupportAndTraining|vendors]] and several large ones, including
IBM, HP, Sun, and Novell, who offer Tomcat consulting and support services, including application
auditing, environment assessments, and risk analysis.
-  * There are numerous vendors in addition to the above consultants, like [[http://www.covalent.net/|Covalent]]
and [[http://www.jboss.org/services/prodsupport|JBoss]], who offer 24/7/365 enterprise-level
support for Tomcat.
+  * There are numerous vendors in addition to the above consultants, like [[http://www.springsource.com/|SpringSource]]
(formerly Covalent) and [[http://www.jboss.org/|JBoss]], who offer 24/7/365 enterprise-level
support for Tomcat.
   * The Tomcat [[http://tomcat.apache.org/lists.html|mailing lists]] are extremely active
and contain members of many of the above organizations, including contractors available for
hire.
  
  <<Anchor(Q5)>>'''How do I know I have a validated release? How do I know no
one has tampered with the release package?'''
  
- All Tomcat releases are signed using the Release Manager's [[http://www.pgpi.org/doc/pgpintro|PGP]]
key. The key is also available in the KEYS file that ships with every Tomcat release. The
same KEYS file is also available in the Tomcat CVS repository ([[http://www.apache.org/dist/tomcat/tomcat-5/KEYS|here]]).
The PGP signatures are available on all the Tomcat download pages, and can (and should!) be
used to verify the release really is the signed distribution.
+ All Tomcat releases are signed using the Release Manager's [[http://www.pgpi.org/doc/pgpintro|PGP]]
key. The key is also available in the KEYS file that ships with every Tomcat release. The
same KEYS file is also available in the Tomcat SVN repository ([[https://svn.apache.org/repos/asf/tomcat/trunk/KEYS|here]]).
The PGP signatures are available on all the Tomcat download pages, and can (and should!) be
used to verify the release really is the signed distribution.
  
- As for tampering: every Tomcat release is also digested using the MD5 algorithm as specified
in [[http://www.faqs.org/rfcs/rfc1321.html|RFC1321]]. The MD5 digest is included in all the
download pages. Users run MD5 on their local machine to verify that the digest of what they
downlaoded is the same as that published in the Apache download pages. That way, users are
assured the distribution has not been modified since the Release Manager signed it.
+ As for tampering: every Tomcat release is also digested using the MD5 algorithm as specified
in [[http://www.faqs.org/rfcs/rfc1321.html|RFC1321]]. The MD5 digest is included in all the
download pages. Users run MD5 on their local machine to verify that the digest of what they
downloaded is the same as that published in the Apache download pages. That way, users are
assured the distribution has not been modified since the Release Manager signed it.
  
  <<Anchor(Q6)>>'''What about security? I'm concerned about attacks.'''
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message