Apache ShenYu is released as source code tarballs with corresponding binary tarballs for convenience.
The downloads are distributed via mirror sites and should be checked for tampering using GPG or SHA-512.
Find all releases in the Archive repository.
It is essential that you verify the integrity of the downloaded files using the PGP or SHA signatures. The PGP signatures can be verified using GPG or PGP. Please download the KEYS as well as the asc signature files for relevant distribution. It is recommended to get these files from the main distribution directory and not from the mirrors.
gpg --import KEYS
pgpk -a KEYS
pgp -ka KEYS
To verify the binaries/sources you can download the relevant asc files for it from main distribution directory and follow the below guide.
gpg --verify apache-shenyu-********.asc apache-shenyu-*********
Apache ShenYu provides a packaged and downloaded