...
When downloading from a mirror please check the SHA1/MD5 checksums as well as it is recommended to verify the integrity of the downloads. This should preferably be done by verifying the OpenPGP compatible signature available from the main Apache site. The KEYS file contains the public keys used for signing the release. It is recommended that a web of trust is used to confirm the identity of these keys.
...
Code Block |
---|
gpg --import KEYS gpg --verify apache-fediz-*.zip.asc |
You can check It is also possible to verify the integrity of the downloads using the SHA1 checksum with:
Code Block |
---|
sha1sum --check apache-fediz-*.zip.sha1 |
...