THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Each software artifact is signed using a PGP (Pretty Good Privacy) key. It is important to verify the downloaded key in copy of software you downloaded matches the original key originally used to sign the software artifacdtartifact.
You can verify the signatures using a command line interface or other software program (Kleopatra). Both methods are described below. See https://httpd.apache.org/dev/verification.html for some general verification info.
Command line interface
- Download the Taverna key file from https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS. (On Windows this can be done by typing Ctrl-S in the browser window and saving the file as keys.txt.)
- Import the key file into GPG:
gpg --import keys.txt
- Download the .asc file
- Verify the .asc file matches the zipped release candidate. In general:
...
gpg --verify file1.asc file2.zip
...
gpg --verify 'apache-taverna- ... -source-release.zip.asc' 'apache-taverna- ... -source-release.zip'
...
...
AFTER you unzip the release candidate, but BEFORE you build
...