The directories listed below contain current releases from Apache Incubator projects ("podlings"). Older releases are archived.
To find the complete download and installation instructions and other information for a particular project, start at the project's own webpage. Find them via Incubator projects listing, rather than browsing the directories below.
Each Apache Incubator podling is an effort undergoing incubation at The Apache Software Foundation (ASF). Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.
Please visit and contribute to Incubator projects and assist them to mature.
Verify md5sums and PGP/GPG signatures of all downloaded artefacts.
Save apache.org bandwidth: If you are currently at apache.org and would like to browse, please instead visit a nearby mirror site.
It is essential that you verify the integrity of the downloaded files using the MD5 and PGP signatures. MD5 verification ensures the file was not corrupted or tampered with. PGP verification ensures that the file came from a certain person.
Each project will probably have its own instructions on its download page. If not, then the following notes will help.
The PGP signatures can be verified using
GPG. First download the project's
KEYS file as well as the
*.asc signature file for the particular artefact. It is
important that you get these files from the ultimate trusted source - the
main ASF distribution site, rather than from a mirror. Then verify the
signatures using ...
% pgpk -a KEYS % pgpv apache-podling-X.Y-incubating-src.tar.gz.asc or % pgp -ka KEYS % pgp apache-podling-X.Y-incubating-src.tar.gz.asc or % gpg --import KEYS % gpg --verify apache-podling-X.Y-incubating-src.tar.gz.asc
To verify the MD5 checksum on the files, you need to use a program called
md5sum, which is included in many unix
distributions. It is also available as part of
Textutils. Windows users can get binary md5 programs from
here or an openssl client
% md5sum apache-podling-X.Y-incubating-src.tar.gz ... output should match the string in apache-podling-X.Y-incubating-src.tar.gz.md5
We strongly recommend that you verify your downloads with both PGP and MD5.