Getting the source code
The most current stable source code for XML::Xerces can be downloaded from here
Previous releases are available from the archives
Verifying the release
The current XML::Xerces maintainer, Jason E. Stewart (firstname.lastname@example.org), signs every release with his GnuPG public key. This is to help you ensure that you are installing only officially sanctioned code, from the official maintainer. By downloading the source code and signature from one location (possibly open to attack) and the public key from an official key server, you greatly reduce the chance of installing software that is dangerous to you.
Getting the Public key
Using PGP to verify the code
- Add the key to your keyring: pgpk -a key_file
- Verify the source code file pgpv XML-Xerces-X.Y.Z XML-Xerces-X.Y.Z.asc
- If you receive any other response than: Good signature, something went wrong, so don't trust the file.
Using GnuPG to verify the code
- Import the key to your keyring: gpg --import key_file
- Verify the source code file gpg --verify XML-Xerces-X.Y.Z XML-Xerces-X.Y.Z.asc
- If you receive any other response than: gpg: Good signature, something went wrong, so don't trust the file.