Google Git
Sign in
apache / tvm-site / d0fd99362334b3729861106c141be507785b6b45^! / .
commitd0fd99362334b3729861106c141be507785b6b45[log] [tgz]
authorWuwei Lin <wuwei@apache.org>Thu Jan 06 18:59:41 2022 -0500
committerGitHub <noreply@github.com>Thu Jan 06 15:59:41 2022 -0800
tree60782d622bb31b2d49449e2ab6157373930f704f
parent983818547b34c918ffa2ddaa958065a54ccbbf3e [diff]
Update download page per Apache requirements (#35)


diff --git a/download.md b/download.md
index 47651db..5b61767 100644
--- a/download.md
+++ b/download.md

@@ -17,7 +17,7 @@
 
 | Version | Source | PGP | SHA |
 | ------- | ------ | --- | --- |
-| 0.8.0   | [apache-tvm-src-v0.8.0.tar.gz](https://dist.apache.org/repos/dist/release/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz) | [.asc](https://dist.apache.org/repos/dist/release/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.asc) | [.sha512](https://dist.apache.org/repos/dist/release/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.sha512) |
+| 0.8.0   | [apache-tvm-src-v0.8.0.tar.gz](https://downloads.apache.org/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz) | [.asc](https://downloads.apache.org/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.asc) | [.sha512](https://downloads.apache.org/tvm/tvm-v0.8.0/apache-tvm-src-v0.8.0.tar.gz.sha512) |
 
 
 
@@ -25,7 +25,7 @@
 
 # Verify the Integrity of the Files
 
-It is essential that you verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.md5 or .sha file). Please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html) for more information on why you should verify our releases.
+It is essential that you verify the integrity of the downloaded file using the PGP signature (.asc file) or a hash (.sha512 file). Please read [Verifying Apache Software Foundation Releases](https://www.apache.org/info/verification.html) for more information on why you should verify our releases.
 
 The PGP signature can be verified using PGP or GPG. First download the [KEYS](https://downloads.apache.org/tvm/KEYS) as well as the .asc signature file for the relevant distribution. Make sure you get these files from the main distribution site, rather than from a mirror. Then verify the signatures using one of the following alternatives:
 
@@ -49,10 +49,10 @@
 Hashes can be calculated using GPG:
 
 ```bash
-$ gpg --print-md SHA1 downloaded_file
+$ gpg --print-md SHA512 downloaded_file
 ```
 
-The output should be compared with the contents of the SHA1 file. Similarly for other hashes (SHA512 MD5 etc) which may be provided.
+The output should be compared with the contents of the SHA512 file.
 
 Windows 7 and later systems should all now have certUtil:
 
@@ -60,4 +60,4 @@
 $ certUtil -hashfile pathToFileToCheck
 ```
 
-Unix-like systems (and macOS) will have a utility called `md5`, `md5sum` or `shasum`.
+Unix-like systems (and macOS) will have a utility called `shasum`.