Author: kiwiwings
Date: Sun Jul 8 11:22:05 2018
New Revision: 1835347
URL: http://svn.apache.org/viewvc?rev=1835347&view=rev
Log:
update verify section, change reference to KEYS file, so it's not referenced
anymore on SVN
Modified:
xmlbeans/site/build/site/download/index.html
xmlbeans/site/src/documentation/content/xdocs/download/index.xml
Modified: xmlbeans/site/build/site/download/index.html
URL:
http://svn.apache.org/viewvc/xmlbeans/site/build/site/download/index.html?rev=1835347&r1=1835346&r2=1835347&view=diff
==============================================================================
--- xmlbeans/site/build/site/download/index.html (original)
+++ xmlbeans/site/build/site/download/index.html Sun Jul 8 11:22:05 2018
@@ -202,10 +202,7 @@ document.write("Last Published: " + docu
<a
href="https://www.apache.org/dyn/closer.lua/poi/xmlbeans/dev/RELEASE-NOTES-3.0.0.txt";>Release
Notes</a>.
A full list of changes is available in the
- <a
href="https://svn.apache.org/viewvc/xmlbeans/trunk/CHANGES.txt?view=markup&pathrev=1833767";>
- change
- log
- </a>
+ <a href="../status.html">change log</a>
or the corresponding <a
href="https://issues.apache.org/jira/issues/?jql=project%20%3D%20XMLBEANS%20AND%20fixVersion%20%3D%20%22Version%203.0.0%22";>
Jira ticket</a>.
People interested should also follow the
@@ -337,15 +334,64 @@ document.write("Last Published: " + docu
</ul>
</div>
-
<a name="verify"></a>
-<h2 class="boxed">Verify release</h2>
+<h2 class="boxed">Verify</h2>
<div class="section">
-<p>You should verify the integrity of the files that you download.
- <a href="http://xml.apache.org/mirrors.cgi#verify";>Here</a>
- are some instructions for verifying the integrity of a
downloaded file.
+<p>
+ It is essential that you verify the integrity of the
downloaded files using the PGP and MD5 signatures.
+ Please read <a
href="https://httpd.apache.org/dev/verification.html";>Verifying Apache HTTP
Server Releases</a>
+ for more information on why you should verify our releases.
This page provides detailed instructions which you can use for POI artifacts.
+ </p>
+<p>
+ The PGP signatures can be verified using PGP or GPG. First
+ <a href="https://www.apache.org/dist/poi/KEYS";>download the
KEYS file</a>
+ as well as the .asc signature files for the relevant release
packages.
+ Make sure you get these files from the main distribution
directory, rather than from a mirror.
+ Then <a
href="https://www.apache.org/info/verification.html";>verify the signatures</a>.
</p>
+<p>
+ As an example:
+ </p>
+<pre class="code">
+% pgpk -a KEYS
+% pgpv xmlbeans-X.Y.Z.jar.asc
+</pre>
+<p>or</p>
+<pre class="code">
+% pgp -ka KEYS
+% pgp xmlbeans-X.Y.Z.jar.asc
+</pre>
+<p>or</p>
+<pre class="code">
+% gpg --import KEYS
+% gpg --verify xmlbeans-X.Y.Z.jar.asc xmlbeans-X.Y.Z.jar
+</pre>
+<p>Sample verification of xmlbeans-bin-3.0.0-20180629.tgz</p>
+<pre class="code">
+% gpg --import KEYS
+gpg: key 38DAC8E212DAE9BE: "Glen Stampoultzis <glens at apache.org>" not
changed
+gpg: key F5C260164CEED75F: 32 duplicate signatures removed
+gpg: key F5C260164CEED75F: 108 signatures not checked due to missing keys
+gpg: key F5C260164CEED75F: 1 signature reordered
+gpg: key F5C260164CEED75F: "Nick Burch <nick at gagravarr.org>" not
changed
+gpg: key 8AAF88D6D84E41AE: 1 duplicate signature removed
+ ...
+
+% gpg --verify xmlbeans-bin-3.0.0-20180629.tgz.asc
+gpg: assuming signed data in 'xmlbeans-bin-3.0.0-20180629.tgz'
+gpg: Signature made Di 03 Jul 2018 00:52:28 CEST
+gpg: using RSA key 24188560524400B142BE3386A93E1C4B26062CE3
+gpg: Good signature from "Andreas Beeker <kiwiwings at apache.org>"
[ultimate]
+gpg: aka "Andreas Beeker (kiwiwings) <andreas.beeker at
gmx.de>" [ultimate]
+
+% gpg --fingerprint 24188560524400B142BE3386A93E1C4B26062CE3
+pub rsa2048 2014-08-17 [SC] [expires: 2020-07-06]
+2418 8560 5244 00B1 42BE 3386 A93E 1C4B 2606 2CE3
+uid [ultimate] Andreas Beeker <kiwiwings at apache.org>
+uid [ultimate] Andreas Beeker (kiwiwings) <andreas.beeker at
gmx.de>
+sub rsa2048 2014-08-17 [E] [expires: 2020-07-06]
+</pre>
</div>
Modified: xmlbeans/site/src/documentation/content/xdocs/download/index.xml
URL:
http://svn.apache.org/viewvc/xmlbeans/site/src/documentation/content/xdocs/download/index.xml?rev=1835347&r1=1835346&r2=1835347&view=diff
==============================================================================
--- xmlbeans/site/src/documentation/content/xdocs/download/index.xml (original)
+++ xmlbeans/site/src/documentation/content/xdocs/download/index.xml Sun Jul 8
11:22:05 2018
@@ -62,10 +62,7 @@
<a
href="https://www.apache.org/dyn/closer.lua/poi/xmlbeans/dev/RELEASE-NOTES-3.0.0.txt";>Release
Notes</a>.
A full list of changes is available in the
- <a
href="https://svn.apache.org/viewvc/xmlbeans/trunk/CHANGES.txt?view=markup&pathrev=1833767";>
- change
- log
- </a>
+ <a href="site:home/changes">change log</a>
or the corresponding <a
href="https://issues.apache.org/jira/issues/?jql=project%20%3D%20XMLBEANS%20AND%20fixVersion%20%3D%20%22Version%203.0.0%22";>
Jira ticket</a>.
@@ -182,13 +179,61 @@
</section>
</section>
-
- <section id="verify">
- <title>Verify release</title>
- <p>You should verify the integrity of the files that you download.
- <a href="http://xml.apache.org/mirrors.cgi#verify";>Here</a>
- are some instructions for verifying the integrity of a
downloaded file.
+ <section id="verify"><title>Verify</title>
+ <p>
+ It is essential that you verify the integrity of the
downloaded files using the PGP and MD5 signatures.
+ Please read <a
href="https://httpd.apache.org/dev/verification.html";>Verifying Apache HTTP
Server Releases</a>
+ for more information on why you should verify our releases.
This page provides detailed instructions which you can use for POI artifacts.
+ </p>
+ <p>
+ The PGP signatures can be verified using PGP or GPG. First
+ <a href="https://www.apache.org/dist/poi/KEYS";>download the
KEYS file</a>
+ as well as the .asc signature files for the relevant release
packages.
+ Make sure you get these files from the main distribution
directory, rather than from a mirror.
+ Then <a
href="https://www.apache.org/info/verification.html";>verify the signatures</a>.
</p>
+ <p>
+ As an example:
+ </p>
+<source>
+% pgpk -a KEYS
+% pgpv xmlbeans-X.Y.Z.jar.asc
+</source>
+ <p>or</p>
+<source>
+% pgp -ka KEYS
+% pgp xmlbeans-X.Y.Z.jar.asc
+</source>
+ <p>or</p>
+<source>
+% gpg --import KEYS
+% gpg --verify xmlbeans-X.Y.Z.jar.asc xmlbeans-X.Y.Z.jar
+</source>
+ <p>Sample verification of xmlbeans-bin-3.0.0-20180629.tgz</p>
+<source>
+% gpg --import KEYS
+gpg: key 38DAC8E212DAE9BE: "Glen Stampoultzis <glens at apache.org>" not
changed
+gpg: key F5C260164CEED75F: 32 duplicate signatures removed
+gpg: key F5C260164CEED75F: 108 signatures not checked due to missing keys
+gpg: key F5C260164CEED75F: 1 signature reordered
+gpg: key F5C260164CEED75F: "Nick Burch <nick at gagravarr.org>" not
changed
+gpg: key 8AAF88D6D84E41AE: 1 duplicate signature removed
+ ...
+
+% gpg --verify xmlbeans-bin-3.0.0-20180629.tgz.asc
+gpg: assuming signed data in 'xmlbeans-bin-3.0.0-20180629.tgz'
+gpg: Signature made Di 03 Jul 2018 00:52:28 CEST
+gpg: using RSA key 24188560524400B142BE3386A93E1C4B26062CE3
+gpg: Good signature from "Andreas Beeker <kiwiwings at apache.org>"
[ultimate]
+gpg: aka "Andreas Beeker (kiwiwings) <andreas.beeker at
gmx.de>" [ultimate]
+
+% gpg --fingerprint 24188560524400B142BE3386A93E1C4B26062CE3
+pub rsa2048 2014-08-17 [SC] [expires: 2020-07-06]
+2418 8560 5244 00B1 42BE 3386 A93E 1C4B 2606 2CE3
+uid [ultimate] Andreas Beeker <kiwiwings at apache.org>
+uid [ultimate] Andreas Beeker (kiwiwings) <andreas.beeker at
gmx.de>
+sub rsa2048 2014-08-17 [E] [expires: 2020-07-06]
+</source>
</section>
<section id="dependencies">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org
