Hi Benjamin, Just note, that you only need to check the PGP signatures if you have a doubt about the validity of the zip files or that you like being extra sure. You can use the zip files without the extra step.
André-John Sent from my phone. Envoyé depuis mon téléphone. > On 23 Apr 2015, at 21:00, Benjamin Spero <bensp...@yahoo.com.INVALID> wrote: > > Thank you for your help. I have something to ask. I just want to make sure > I’m doing the right thing since I’m new to Apache. When downloading OpenPGP, > I’m going to the site gnupg.org/download. I’m using a Mac. Under GnuPG > Binary Releases, after clicking on GnuPG for OS X there are 2 files, DMG > file and signature file. Is it just the signature file I download? > > Thank you, > Ben > > >> On Apr 18, 2015, at 4:05 PM, Stefan Bodewig <bode...@apache.org> wrote: >> >>> On 2015-04-18, Benjamin Spero wrote: >>> >>> I would like to download the latest version of the ant and ivy >>> projects. If I download from the source distribution do I get all the >>> source code? >> >> Yes, you get everything you need to build Ant or Ivy yourself if you >> follow the respective build instructions. >> >>> Do I need to verify the integrity of the downloaded files? >> >> What we've put on our download page is a general recomendation for any >> download of software, You should be totally sure you are installing >> what you expect it to be. We offer PGP signatures as a means to >> verifythe download hasn't been corrupted. >> >>> I was trying to follow the instructions. After clicking on KEYS and >>> saving the PGP KEYS page how do I apply it to the downloaded ant and >>> ivy files to check the integrity? I forgot to mention I will be >>> downloading this on a Mac. >> >> You need an OpenPGP implementation for your platform - most likely >> GnuPG. With the first command of the instructions you import the KEYS >> file (that you should have retrieved via HTTPs directly from an ASF >> server, not a mirror), after that PGP/GnuPG knows the key that we have >> used to sign the files. For the second step you need to download the >> PGP signature file next to the source archive and then you use PGP/GnuPG >> to verify the signature. >> >> Stefan >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org >> For additional commands, e-mail: dev-h...@ant.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > For additional commands, e-mail: dev-h...@ant.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
