Downloading Flume
Let's download Flume from http://flume.apache.org/. Look for the download link in the side navigation. You'll see two compressed tar archives, available along with checksum and gpg signature files used to verify the archives. Instructions for verifying the download are on the website so I won't cover them here. Checking the checksum file contents against the actual checksum verifies that the download was not corrupted. Checking the signature file validates that all the files you are downloading (including the checksum and signature) came from Apache and not someplace nefarious. Do you really need to verify your downloads? In general it is a good idea and it is recommended by Apache that you do so. If you choose not to, I won't tell.
The binary distribution archive has bin
in the name and the source archive is marked with src
. The source archive contains just the Flume source code. The binary distribution is much larger because it contains not just the Flume source and the...