Browse our distribution archive or download the latest Cocoon distribution by selecting one of the links provided below. It is good practice to verify the integrity of the distribution files.
NOTE: Starting with 2.1 we will only release a source distribution. This issue was discussed on the developer list. Using this source distribution is really easy and avoids most of the common pitfalls of the binary distribution. See further explanation.
In addition to the above mentioned release and milestone distributions, you can also download the bleeding-edge code freshly extracted from our SVN repositories (snapshots are generated every six hours):
NOTE: The nightly SVN snapshots are not tested and are not guaranteed to even build cleanly without generating errors. Download and use them if (and only if) you know exactly what you are doing.
It is essential that you verify the integrity of the downloaded files using the PGP and SHA512 signatures. SHA512 verification ensures the file was not corrupted during the download process. PGP verification ensures that the file came from a certain person.
The PGP signatures can be verified using
PGP or
GPG.
First download the Apache Cocoon
KEYS
as well as the asc signature file for the particular
distribution. It is important that you get these files from the ultimate
trusted source - the main ASF distribution site, rather than from a mirror.
Then verify the signatures using ...
% pgpk -a KEYS % pgpv cocoon-X.Y.tar.gz.asc or % pgp -ka KEYS % pgp cocoon-X.Y.tar.gz.asc or % gpg --import KEYS % gpg --verify cocoon-X.Y.tar.gz.asc
To verify the SHA512 signature on the files, you need to use a program
called sha512sum, which is
included in many unix distributions.
We strongly recommend you verify your downloads with both PGP and SHA512.