Do not download from www.apache.org. Please use a mirror site to help us save apache.org bandwidth. Go here to find your nearest mirror.
The latest APR project status, including current releases, is published at https://apr.apache.org/.
All of the release distribution packages have been digitally signed (using PGP or GPG) by the ASF committers that constructed them. There will be an accompanying distribution.asc file in the same directory as the distribution. The PGP/GPG keys can be found at the MIT key repository and within this project's KEYS file.
Always signatures to validate package authenticity, e.g., $ pgpk -a KEYS $ pgpv apr-1.0.1.tar.gz.asc or, $ pgp -ka KEYS $ pgp apr-1.0.1.tar.gz.asc or $ gpg --verify apr-1.0.1.tar.gz.asc
We also offer MD5 and SHA1 hashes as an alternative to validate the integrity of the downloaded files. An MD5 hash consists of a 32 character string (example: d41d8cd98f00b204e9800998ecf8427e), and a SHA1 hash consists of a 40 character string (example: da39a3ee5e6b4b0d3255bfef95601890afd80709). See the hash inside each distribution.md5 and distribution.sha1 file for each distribution.