Apache Lucy search engine library, release 0.6.2
Apache Clownfish symbiotic object system, release 0.6.3
Verifying downloaded files
After downloading release files from a mirror, please check the MD5 and SHA checksums as well as verifying the OpenPGP compatible signature available from the main Apache download site. The KEYS file contains the public keys used for signing release. It is recommended that a web of trust is used to confirm the identity of these keys.
To verify the OpenPGP signature:
$ gpg --import KEYS
$ gpg --verify apache-lucy-X.Y.Z.tar.gz.asc
or
$ pgpk -a KEYS
$ pgpv apache-lucy-X.Y.Z.tar.gz.asc
or
$ pgp -ka KEYS
$ pgp apache-lucy-X.Y.Z.tar.gz.asc
To verify the MD5 checksum, compare the output of a local checksumming command against the contents of the .md5 file:
$ gpg --print-md MD5 apache-lucy-*.tar.gz
$ cat apache-lucy-*.tar.gz.md5
To verify the SHA512 checksum, use the same comparison technique:
$ gpg --print-md SHA512 apache-lucy-*.tar.gz
$ cat apache-lucy-*.tar.gz.sha
Copyright © 2010-2015 The Apache Software Foundation, Licensed under the
Apache License, Version 2.0.
Apache Lucy, Lucy, Apache, the Apache feather logo, and the Apache Lucy project logo are trademarks of The
Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their
respective owners.