Apache Lucy search engine library, release 0.6.2
Apache Clownfish symbiotic object system, release 0.6.3
Verifying downloaded files
After downloading release files from a mirror, please check the MD5 and SHA checksums as well as verifying the OpenPGP compatible signature available from the main Apache download site. The KEYS file contains the public keys used for signing release. It is recommended that a web of trust is used to confirm the identity of these keys.
To verify the OpenPGP signature:
$ gpg --import KEYS $ gpg --verify apache-lucy-X.Y.Z.tar.gz.asc or
$ pgpk -a KEYS $ pgpv apache-lucy-X.Y.Z.tar.gz.asc or
$ pgp -ka KEYS $ pgp apache-lucy-X.Y.Z.tar.gz.asc To verify the MD5 checksum, compare the output of a local checksumming command against the contents of the .md5 file:
$ gpg --print-md MD5 apache-lucy-*.tar.gz $ cat apache-lucy-*.tar.gz.md5 To verify the SHA512 checksum, use the same comparison technique:
$ gpg --print-md SHA512 apache-lucy-*.tar.gz $ cat apache-lucy-*.tar.gz.sha Copyright © 2010-2015 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
Apache Lucy, Lucy, Apache, the Apache feather logo, and the Apache Lucy project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.