<h2><a name="mirrors">Download from your
<a href="">nearest mirror site!</a></a></h2>

Do not download from Please use a mirror site
to help us save bandwidth.
<a href="">Go
here to find your nearest mirror.</a>

<h2><a name="sig">PGP/GPG Signatures</a></h2>

All of the release distribution packages have been digitally
signed (using PGP or GPG) by the ASF committers that constructed
them. There will be an accompanying
<tt><var>distribution</var>.asc</tt> file in the same directory
as the distribution. The PGP/GPG keys can be found at the MIT key
repository and within this project's KEYS file at <a

<pre>Always signatures to validate package authenticity, <i>e.g.</i>,
$ pgpk -a KEYS
$ pgpv commons-dbutils-1.8.1-bin.tar.gz.asc
$ pgp -ka KEYS
$ pgp commons.tar.gz.asc
$ gpg --verify commons-dbutils-1.8.1-bin.tar.gz.asc

We also offer MD5 hashes as an alternative to validate the
integrity of the downloaded files. See the
<tt><var>distribution</var>.md5</tt> files.