Download

Integrity Check

There are hashes (MD5, SHA1 and SHA256) of the download packages stored in the digests file. In order to check the integrity of the downloaded file, use a tool like md5sum (or sha1sum, sha256sum accordingly), e.g.:

$ md5sum -c gensaschema-0.5.2.digests
gensaschema-0.5.2.tar.bz2: OK
gensaschema-0.5.2.tar.gz: OK
gensaschema-0.5.2.tar.xz: OK
gensaschema-0.5.2.zip: OK

In order to check the integrity of the digest file itself, you can check the PGP signature of that file. The file is signed by André Malo, Key-ID 0x8103A37E:

$ gpg --verify gensaschema-0.5.2.digests
gpg: Signature made Sun May  1 23:04:18 2016 CEST using DSA key ID 8103A37E
gpg: Good signature from "Andre Malo <nd@apache.org>"
gpg:                 aka "Andr\xe9\x20Malo <nd@perlig.de>"
gpg:                 aka "Andre Malo <ndparker@gmx.net>"