5.2.2 release, plus a note about SHA256. doh!
diff --git a/content/downloads/downloads.html b/content/downloads/downloads.html
index 0a42b8f..8398814 100644
--- a/content/downloads/downloads.html
+++ b/content/downloads/downloads.html
@@ -85,7 +85,7 @@
<p><strong><a href="http://www.apache.org/dyn/closer.cgi/roller/roller-5.2/v5.2.2/">Roller 5.2.2</a> ("best available")</strong></p>
<p>Previous source and binary distributions, including documentation, are available in the <a class="external" href="http://archive.apache.org/dist/roller/">Apache archives</a>.</p>
<p>Project releases are approved by vote of the Apache Roller Project Management Committee (PMC). Support for a release is provided by project volunteers on the project <a href="https://cwiki.apache.org/confluence/display/ROLLER/How+to+ask+for+help">mailing lists</a>. Bugs found in a release may be discussed on the list and reported through the <a href="https://issues.apache.org/jira/browse/ROL">issue tracker</a>. The user mailing list and issue tracker are the <strong>only</strong> support options hosted by the Apache Roller project.</p>
-<p>Note: When downloading from a mirror, please be sure to verify that checksums and signatures are correct. To do so, use the checksum and signature files from the main Apache site at <a class="external" href="http://archive.apache.org/dist/roller/"><a href="http://archive.apache.org/dist/roller/">http://archive.apache.org/dist/roller/</a></a><br/>Find here the KEYS file, which contains all OpenPGP keys we use to sign releases:<br/><a class="external" href="http://www.apache.org/dist/roller/"><a href="http://www.apache.org/dist/roller/">http://www.apache.org/dist/roller/</a></a></p>
+<p>Note: When downloading from a mirror, be sure to verify that checksums and/or signatures are correct. To do so, use the checksum and signature files from the main Apache site at <a class="external" href="http://www.apache.org/dist/roller/"><a href="http://www.apache.org/dist/roller/">http://www.apache.org/dist/roller/</a></a></p>
<p>The PGP signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/roller/KEYS">KEYS</a> as well as the <code>asc</code> signature file for the particular distribution. Make sure you get these files from the <a href="http://www.apache.org/dist/roller/">main distribution directory,</a> rather than from a mirror. Then verify the signatures using <code>pgpk</code> as follows:</p>
<pre><code>% pgpk -a KEYS
% pgpv ${filename }.tar.gz.asc
