THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
The important part is that it's a "correct signature" (Above is on my German Mac Book). And that the email assigned to the signature is an Apache email. The "ultimativ" at the end depends on your PGP trust environment. If you are not yet trusting any Apache people, this might be different.
Verifying the hashes (SHA512)
Unfortunately checking the hashes isn't as automatic as checking the signatures.
| Code Block |
|---|
shasum -a512 apache-iotdb-0.8.0-incubating-source-release.zip |
This will print out the hash ... unfortunately I haven't found a tool that you could pass along the SHA512 file and it just says: OK or NOT OK, so you have to manually compare the output with the output in the SHA512 file.
You however don't have to check everything. I usually check the first 8 chars and the last 8 ... the probability of the rest in the middle being different is minimal..