All official releases of code distributed by the Apache Fineract Project are signed by a release manager. PGP signatures and cryptographic hash/checksum files are available alongside released software (source and binary archives) so anyone may ensure authenticity and integrity of the software. You should download the checksum and signature files directly from the Apache Software Foundation rather than from mirrors to help ensure their integrity. However, you are encouraged to download the (typically large) source and binary release release archives from mirrors. This all happens automatically if you use download links at https://fineract.apache.org#downloads.

See https://fineract.apache.org/docs/current/#_step_9_verify_distribution_staging for details on how to use signature and checksum files to verify our source and binary archives.

  • No labels