On 2015-04-24, Benjamin Spero wrote: > Thank you for your help. I have something to ask. I just want to > make sure I’m doing the right thing since I’m new to Apache. When > downloading OpenPGP, I’m going to the site gnupg.org/download. I’m > using a Mac. Under GnuPG Binary Releases, after clicking on GnuPG for > OS X there are 2 files, DMG file and signature file. Is it just the > signature file I download?
If you want to verify the signature of Ant releases, then you will nee to install GnuPG itself (or an alternative PGP implementation, but I'm not a Mac userand don't know about alternatives). You will need the DMG file which contains the GNuPG binary itself. The signature is something you use to verify the integrity of the DMG file just like you verify the integrite of Ant releases (nobody forces you to do so). In GnuPG's case there is a chicken and egg problem, of course. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
