Blindness. I was looking in the release integrity section for the answer...
On 11/9/2016 3:37 PM, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
George,
On 11/9/16 5:13 PM, George Sexton wrote:
I'm looking at this page here:
http://tomcat.apache.org/download-70.cgi
and in the release integrity section, it provides a link to the
keys that were used to sign releases.
What I'm not seeing are the signature and hash files. Can someone
point me to those?
In the download area, each link (e.g. Core : zip) has a series of
links after them: pgp, md5, sha1. Those link to the signature/hash
files. Note that the signature and hash files should always be
obtained from apache.org using HTTPS (as they are linked on the page),
rather than from a mirror.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJYI6VBAAoJEBzwKT+lPKRYXLEQAIfpCLht8FRUoJRMBZfX9OSf
iXgPq6j0GO6JwetPhSBqYgJS0pxd7TdcOgme/Q3rzAR5OYHUwsltAK1yQdF2aXym
nFz2ssEI2FsRoxcE0M3CxuMSkw/LWMmHsCrjMvCpYazEcDdnFSl6xsRf1tGFTAvL
fkWFcugwg6qdQMSQXjIl3J46538v+m2SmkI1W/RcBw4hgjdd3znBY9EkhxVNabTc
Dsv69mbPr91TJTU0luqeBeG2NkM/PHMYOjlihI8U1LQZCDd31SuL/9uvahsMbuV4
zVmbAZGiUrL9mgSGumdbnKK7S3eqwYEueGtUbmXb3mKKHitPouYhb6JhwG7Qtzsq
+i63N+Ke1gbKHQpebg86UTFJog8ni1S74OQXg+K+jfC8OKvQMiCQPtMWE6h52El+
3S8xs7mpoqjGYz/tMHbxmb6dwUy6y0xmjQGt0DbDqr2p3VS2yRcbMoXKOFsbz4I1
sFwMDu/xknWtI/Bz9JLvZghjKQZNcw8Rb3aHLC/rbTJdi3sKDj94Xq3H+Gick5Lw
y5wLRk6snkOk0+TkgT6F4OIHsfe1lJF+Br9xFoRh3aYM3lPEcdtgRdU4MiwgAIeD
aNw644Lyf9uVzQemd5y9nrtcgBcHW1JVZeqy94PI8Na6dkX9CzqHSVBEca0p2liQ
LdD68cTCeeT6WrunOAVh
=QLgl
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com
