ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André-John Mas <andrejohn....@gmail.com>
Subject Re: ant, ivy download
Date Fri, 24 Apr 2015 01:47:23 GMT
Hi Benjamin,

Just note, that you only need to check the PGP signatures if you have a doubt about the validity
of the zip files or that you like being extra sure. 
You can use the zip files without the extra step. 

André-John

Sent from my phone. Envoyé depuis mon téléphone. 

> On 23 Apr 2015, at 21:00, Benjamin Spero <benspero@yahoo.com.INVALID> wrote:
> 
> Thank you for your help.  I have something to ask.  I just want to make sure I’m doing
the right thing since I’m new to Apache.  When downloading OpenPGP, I’m going to the site
 gnupg.org/download.  I’m using a Mac.  Under GnuPG Binary Releases, after clicking on GnuPG
for OS X  there are 2 files, DMG file and signature file.  Is it just the signature file I
download?
> 
> Thank you,
> Ben
> 
> 
>> On Apr 18, 2015, at 4:05 PM, Stefan Bodewig <bodewig@apache.org> wrote:
>> 
>>> On 2015-04-18, Benjamin Spero wrote:
>>> 
>>> I would like to download the latest version of the ant and ivy
>>> projects.  If I download from the source distribution do I get all the
>>> source code?
>> 
>> Yes, you get everything you need to build Ant or Ivy yourself if you
>> follow the respective build instructions.
>> 
>>> Do I need to verify the integrity of the downloaded files?
>> 
>> What we've put on our download page is a general recomendation for any
>> download of software, You should be totally sure you are installing
>> what you expect it to be. We offer PGP signatures as a means to
>> verifythe download hasn't been corrupted.
>> 
>>> I was trying to follow the instructions.  After clicking on KEYS and
>>> saving the PGP KEYS page how do I apply it to the downloaded ant and
>>> ivy files to check the integrity?  I forgot to mention I will be
>>> downloading this on a Mac.
>> 
>> You need an OpenPGP implementation for your platform - most likely
>> GnuPG.  With the first command of the instructions you import the KEYS
>> file (that you should have retrieved via HTTPs directly from an ASF
>> server, not a mirror), after that PGP/GnuPG knows the key that we have
>> used to sign the files.  For the second step you need to download the
>> PGP signature file next to the source archive and then you use PGP/GnuPG
>> to verify the signature.
>> 
>> Stefan
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
>> For additional commands, e-mail: dev-help@ant.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
> For additional commands, e-mail: dev-help@ant.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message