<h2><a name="mirrors">Download from your
<a href="https://apr.apache.org/download.cgi">nearest mirror site</a></a></h2>

<p>
Do not download from www.apache.org. Please use a mirror site
to help us save apache.org bandwidth.
<a href="https://apr.apache.org/download.cgi">Go
here to find your nearest mirror.</a>
</p>

<h2><a name="status"><a href="https://apr.apache.org/index.html">APR Release Status</a></a></h>
<p>
The latest APR project status, including current releases, is published
at <a href="https://apr.apache.org/">https://apr.apache.org/</a>.
</p>

<h2><a name="sig">PGP/GPG Signatures</a></h2>

<p>
All of the release distribution packages have been digitally
signed (using PGP or GPG) by the ASF committers that constructed
them. There will be an accompanying
<tt><var>distribution</var>.asc</tt> file in the same directory
as the distribution. The PGP/GPG keys can be found at the MIT key
repository and within this project's <a
href="KEYS">KEYS file</a>.
</p>

<pre>Always signatures to validate package authenticity, <i>e.g.</i>,
$ pgpk -a KEYS
$ pgpv apr-1.0.1.tar.gz.asc
<i>or</i>,
$ pgp -ka KEYS
$ pgp apr-1.0.1.tar.gz.asc
<i>or</i>
$ gpg --verify apr-1.0.1.tar.gz.asc
</pre>

<p>
We also offer MD5 and SHA1 hashes as an alternative to validate the
integrity of the downloaded files. An MD5 hash consists of a 32
character string (example: <i>d41d8cd98f00b204e9800998ecf8427e</i>),
and a SHA1 hash consists of a 40 character string (example:
<i>da39a3ee5e6b4b0d3255bfef95601890afd80709</i>). See the hash inside
each <tt><var>distribution</var>.md5</tt> and
<tt><var>distribution</var>.sha1</tt> file for each distribution.
</p>