-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 George,
On 11/9/16 5:13 PM, George Sexton wrote: > I'm looking at this page here: > > http://tomcat.apache.org/download-70.cgi > > and in the release integrity section, it provides a link to the > keys that were used to sign releases. > > What I'm not seeing are the signature and hash files. Can someone > point me to those? In the download area, each link (e.g. Core : zip) has a series of links after them: pgp, md5, sha1. Those link to the signature/hash files. Note that the signature and hash files should always be obtained from apache.org using HTTPS (as they are linked on the page), rather than from a mirror. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYI6VBAAoJEBzwKT+lPKRYXLEQAIfpCLht8FRUoJRMBZfX9OSf iXgPq6j0GO6JwetPhSBqYgJS0pxd7TdcOgme/Q3rzAR5OYHUwsltAK1yQdF2aXym nFz2ssEI2FsRoxcE0M3CxuMSkw/LWMmHsCrjMvCpYazEcDdnFSl6xsRf1tGFTAvL fkWFcugwg6qdQMSQXjIl3J46538v+m2SmkI1W/RcBw4hgjdd3znBY9EkhxVNabTc Dsv69mbPr91TJTU0luqeBeG2NkM/PHMYOjlihI8U1LQZCDd31SuL/9uvahsMbuV4 zVmbAZGiUrL9mgSGumdbnKK7S3eqwYEueGtUbmXb3mKKHitPouYhb6JhwG7Qtzsq +i63N+Ke1gbKHQpebg86UTFJog8ni1S74OQXg+K+jfC8OKvQMiCQPtMWE6h52El+ 3S8xs7mpoqjGYz/tMHbxmb6dwUy6y0xmjQGt0DbDqr2p3VS2yRcbMoXKOFsbz4I1 sFwMDu/xknWtI/Bz9JLvZghjKQZNcw8Rb3aHLC/rbTJdi3sKDj94Xq3H+Gick5Lw y5wLRk6snkOk0+TkgT6F4OIHsfe1lJF+Br9xFoRh3aYM3lPEcdtgRdU4MiwgAIeD aNw644Lyf9uVzQemd5y9nrtcgBcHW1JVZeqy94PI8Na6dkX9CzqHSVBEca0p2liQ LdD68cTCeeT6WrunOAVh =QLgl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
