ASF Infra Download Integrity Checker

Clone this repo:


  1. 0d9924e Typos by sebbASF · 1 year, 9 months ago main
  2. 4279207 Another TODO by Sebb · 1 year, 10 months ago
  3. 73cfc67 Update docs by Sebb · 1 year, 10 months ago
  4. 54ffdba Merge pull request #3 from apache/patch-gnupg-plugin by sebbASF · 1 year, 10 months ago
  5. b51882c Indicate unused by Sebb · 1 year, 10 months ago

Download Integrity Checker for ASF Infra

This service runs as a Pipservice and verifies download artifacts using their accompanying checksums and detached signatures, as per our release distribution policies ( outlined at ).

When a mismatch is detected, projects (and infra) are notified of this via email.


  • check all directories and files for errors in sigs and hashes (not just some extensions)
  • where a project has multiple KEYS files, use the appropriate (closest) one only for checking