README.md
<h2>Documentation</h2>

<p><a href="https://docs.couchdb.org/en/stable">Apache CouchDB documentation</a>.</p>

<h2>Release Notes</h2>

<p>A set of <a href="https://docs.couchdb.org/en/stable/whatsnew/index.html">release notes</a> is issued for every Apache CouchDB source release.</p>

<h2>Binary Packages</h2>

<p>The binary packages are provided for your convenience only.</p>

<p>They have not been voted on and do not consititue an official Apache CouchDB release.</p>

<h2>Source Releases</h2>

<p>The official Apache CouchDB source releases are voted on by the community and are approved by the PMC.</p>

<h2>Verifying Downloads</h2>

<p>When downloading from a mirror please check the
<a href="http://www.apache.org/dev/release-signing#md5">MD5</a> and
<a href="http://www.apache.org/dev/release-signing#sha-checksum">SHA</a>
checksums as well as verifying the
<a href="http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
compatible signature available from the main Apache site. The
<a href="http://www.apache.org/dist/couchdb/KEYS">KEYS</a>
file contains the public keys used for signing release. It is recommended
that a <a href="http://www.apache.org/dev/release-signing#web-of-trust">web
of trust</a> is used to confirm the identity of these keys.</p>

<p>You can check the OpenPGP signature with:</p>

<blockquote>
<code>gpg --verify apache-couchdb-*.tar.gz.asc</code>
</blockquote>

<p>You can check the MD5 checksum with:</p>

<blockquote>
<code>md5sum --check apache-couchdb-*.tar.gz.md5</code>
</blockquote>

<p>You can check the SHA checksum with:</p>

<blockquote>
<code>sha1sum --check apache-couchdb-*.tar.gz.sha</code>
</blockquote>