Welcome to the NetCologne GmbH open source mirroring service!

This machine mirrors various open-source projects and has 4 Gbit/s uplink.

If there are any issues or you want another project mirrored, please contact mirror-service -=AT=- netcologne DOT de !

Download from your nearest mirror site!

Do not download from www.apache.org. Please use a nearby mirror site to help us save apache.org bandwidth.

PGP/GPG Signatures

All of the release distribution packages have been digitally signed (using PGP or GPG) by the ASF committers that constructed them.
There will be an accompanying distribution.asc file in the same directory as the distribution.
The PGP/GPG keys can be found at the MIT key repository and within this project's KEYS file at https://www.apache.org/dist/commons/KEYS

Always use the signature to validate package authenticity, e.g.,
$ pgpk -a KEYS
$ pgpv commons-logging-1.2-bin.tar.gz.asc
$ pgp -ka KEYS
$ pgp commons-logging-1.2-bin.tar.gz.asc
$ gpg --import KEYS
$ gpg --verify commons-logging-1.2-bin.tar.gz.asc commons-logging-1.2-bin.tar.gz

See also Verifying Apache Software Foundation Releases

We also offer MD5/SHA hashes as an alternative to validate the integrity of the downloaded files. See the distribution.md5/.sha1 files.
Note that such hashes are only useful as a check that the file has been downloaded OK. They do not provide any guarantee that the downloaded file is authentic.