ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André-John Mas <>
Subject Re: ant, ivy download
Date Fri, 24 Apr 2015 01:47:23 GMT
Hi Benjamin,

Just note, that you only need to check the PGP signatures if you have a doubt about the validity
of the zip files or that you like being extra sure. 
You can use the zip files without the extra step. 


Sent from my phone. Envoyé depuis mon téléphone. 

> On 23 Apr 2015, at 21:00, Benjamin Spero <> wrote:
> Thank you for your help.  I have something to ask.  I just want to make sure I’m doing
the right thing since I’m new to Apache.  When downloading OpenPGP, I’m going to the site  I’m using a Mac.  Under GnuPG Binary Releases, after clicking on GnuPG
for OS X  there are 2 files, DMG file and signature file.  Is it just the signature file I
> Thank you,
> Ben
>> On Apr 18, 2015, at 4:05 PM, Stefan Bodewig <> wrote:
>>> On 2015-04-18, Benjamin Spero wrote:
>>> I would like to download the latest version of the ant and ivy
>>> projects.  If I download from the source distribution do I get all the
>>> source code?
>> Yes, you get everything you need to build Ant or Ivy yourself if you
>> follow the respective build instructions.
>>> Do I need to verify the integrity of the downloaded files?
>> What we've put on our download page is a general recomendation for any
>> download of software, You should be totally sure you are installing
>> what you expect it to be. We offer PGP signatures as a means to
>> verifythe download hasn't been corrupted.
>>> I was trying to follow the instructions.  After clicking on KEYS and
>>> saving the PGP KEYS page how do I apply it to the downloaded ant and
>>> ivy files to check the integrity?  I forgot to mention I will be
>>> downloading this on a Mac.
>> You need an OpenPGP implementation for your platform - most likely
>> GnuPG.  With the first command of the instructions you import the KEYS
>> file (that you should have retrieved via HTTPs directly from an ASF
>> server, not a mirror), after that PGP/GnuPG knows the key that we have
>> used to sign the files.  For the second step you need to download the
>> PGP signature file next to the source archive and then you use PGP/GnuPG
>> to verify the signature.
>> Stefan
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message