xml-general-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jas...@apache.org
Subject cvs commit: xml-site/sources/xerces-p download.xml ChangeLog
Date Sun, 08 Jul 2001 23:29:15 GMT
jasons      01/07/08 16:29:15

  Modified:    sources/xerces-p ChangeLog
  Added:       sources/xerces-p download.xml
  Log:
  	* download.xml (Repository):
  	new info on digital signatures
  
  Revision  Changes    Path
  1.2       +5 -0      xml-site/sources/xerces-p/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/xml-site/sources/xerces-p/ChangeLog,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ChangeLog	2001/03/27 05:49:35	1.1
  +++ ChangeLog	2001/07/08 23:29:14	1.2
  @@ -1,3 +1,8 @@
  +2001-07-08  Jason E. Stewart  <jason@openinformatics.com>
  +
  +	* download.xml (Repository): 
  +	new info on digital signatures
  +
   2001-03-26  Jason E. Stewart  <jason@openinformatics.com>
   
   	* releases.xml (Repository): 
  
  
  
  1.1                  xml-site/sources/xerces-p/download.xml
  
  Index: download.xml
  ===================================================================
  <?xml version="1.0" standalone="no"?>
  <!DOCTYPE s1 SYSTEM "sbk:/style/dtd/document.dtd">
  
  <s1 title="Downloading Xerces.pm">
    <s2 title="Getting the source code">
      <p> The most current stable source code for Xerces.pm can be
      downloaded from <jump
      href="http://xml.apache.org/dist/xerces-p/stable/"> here </jump>
      </p>
    </s2>
  
    <s2 title="Verifying the release">
      <p> The current Xerces.pm maintainer, Jason E. Stewart
        (<jump
        href="mailto:jasons@apache.org">jasons@apache.org</jump>), signs
        every release with his <jump
        href="http://www.gnupg.org/">GnuPG</jump> public key. This is to
        help you ensure that you are installing only officially
        sanctioned code, from the official maintainer. By downloading
        the source code and signature from one location (<jump
        href="http://www.apache.org/info/20010519-hack.html">possibly
        open to attack</jump>) and the public key from an official key
        server, you greatly reduce the chance of installing software
        that is dangerous to you.
      </p>
  
      <s3 title="Getting the Public key">
        <p> You can use any keyserver you wish, such as <jump
        href="http://www.keyserver.net/">www.keyserver.net</jump>, and
        search for <em>jasons@apache.org</em> or you can get the
        key<jump
        href="http://dtype.org:11371/pks/lookup?search=jasons%40apache.org&amp;op=index">
        here </jump>.
        </p>
      </s3>
      <s3 title="Using PGP to verify the code">
        <ol>
  	<li>Add the key to your keyring: <code>
  pgpk -a key_file
  </code></li>
  	<li>Verify the source code file <code>
  pgpv XML-Xerces-X.Y.Z XML-Xerces-X.Y.Z.asc
  </code></li>
  	<li>If you receive any other response than: <em>Good
  	    signature</em>, something went wrong, so don't trust the
  	    file.
  	</li>
        </ol>
      </s3>
      <s3 title="Using GnuPG to verify the code">
        <ol>
  	<li>Import the key to your keyring: <code>
  gpg --import key_file
  </code></li>
  	<li>Verify the source code file <code>
  gpg&nbsp;--verify&nbsp;XML-Xerces-X.Y.Z&nbsp;XML-Xerces-X.Y.Z.asc
  </code></li>
  	<li>If you receive any other response than: <em>gpg: Good
  	signature</em>, something went wrong, so don't trust the
  	file. 
  	</li>
        </ol>
      </s3>
    </s2>
  </s1>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: general-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: general-cvs-help@xml.apache.org


Mime
View raw message