For earlier versions that have dropped from the LibreOffice mirror system-- see the TDF LibreOffice archives <http://downloadarchive.documentfoundation.org/libreoffice/old/> .
The MD5, SHA1 and SHA256 hashes are recorded in the 'Details' links for each file. For most folks, using the hash and skipping the GPG verification is sufficient. But, if you are super cautious, you'll need to use a GnuPG client to extract and verify the .ASC PGP signature of the download. Note: on Windows that would probably be Gpg4win <http://gpg4win.org/download.html> , it offers the Kleopatra GUI to simplify the steps. For any OS, you'll need the LibreOffice project public key, named.... 0xf434a1efafeeaea3 Done from CLI with gpg --keyserver hkp://keys.gnupg.net --recv-keys AFEEAEA3 and then running the GPG verify against the .ASC signature for the download. Both the installer package and the signature file need to be in the same directory. gpg --verify LibreOffice_4.1.5.3_Win_x86.msi.asc In doing so, you both verify the signature of the download (that it came from TDF build process) and coincidentally verify the integrity --completeness-- of the download. And for completeness, the Apache OpenOffice folks sign with public key 51B5FDE8 Stuart -- View this message in context: http://nabble.documentfoundation.org/Where-are-the-file-checksums-tp4100881p4100892.html Sent from the Users mailing list archive at Nabble.com. -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
