MonetDB Download Area
Name Last modified Size Description
Parent Directory - MonetDB-GPG-KEY 2017-08-03 12:28 6.6K MonetDB public key testing/ 2018-10-11 12:42 - MonetDB release candidates sources/ 2018-10-05 16:04 - MonetDB source distributions ruby/ 2016-09-14 14:18 - epel/ 2018-10-05 16:05 - MonetDB EPEL (Red Hat, CentOS, Scientific Linux) RPMs & YUM repository deb/ 2018-10-05 14:05 - MonetDB Debian and Ubuntu repository archive/ 2015-10-20 13:05 - Old MonetDB distributions Windows/ 2018-08-31 16:42 - MonetDB Windows installers Solaris/ 2018-08-31 16:39 - MonetDB Solaris installers (obsolete) Python/ 2017-10-25 13:34 - Perl/ 2016-12-21 14:06 - PHP/ 2016-12-21 14:06 - MacOSX/ 2018-08-31 13:08 - MonetDB Mac OS X installers Java/ 2018-05-24 11:02 - MonetDB Java interfacing: JDBC driver & JdbcClient app Java-Experimental/ 2018-10-03 17:20 - MonetDB Java interfacing: JDBC driver & JdbcClient app FreeBSD/ 2018-08-31 16:39 - MonetDB FreeBSD installers (obsolete) Fedora/ 2018-10-05 15:40 - MonetDB Fedora RPMs & YUM repository
In various directories there is a file SHA256SUM which contains the sha256 checksum of the files in that directory. This SHA256SUM file is signed using the key of which the public part is available in the file MonetDB-GPG-KEY.
Starting August 2017, i.e. releases after the
Jul2017-SP1 release, new signatures will be created using a new
key with key ID
0xDF0E54F3. Both the old and the
new key are in the above mentioned file. The old key has key
The keys are also available from keyservers:
gpg --recv-key 0x0583366F 0xDF0E54F3
You should check the fingerprint of the keys:
gpg --fingerprint 0x0583366F 0xDF0E54F3
The fingerprint are:
213E 64DC D5DD C2C0 63CC 39FD 053C
3ED4 0583 366F for the old key (key
8289 A5F5 75C4 9F50 22F8
EE20 F654 63E2 DF0E 54F3 for the new key (key
You can then download the SHA256SUM file and check that it hasn't been tampered with:
gpg --verify SHA256SUM
Among other output, you should see the message
gpg: Good signature from "MonetDB Database System Packager <firstname.lastname@example.org>"
gpg: Good signature from "MonetDB Database System Packager <email@example.com>"
You should also see the message that the signature was made using the DSA key ID 0583366F or RSA key ID DF0E54F3 (the old and new key ID).
After this, you can verify that the downloaded files are correct:
sha256sum --check SHA256SUM
For all files you downloaded, you should see the name of the file followed by the word "OK".
In addition, all RPM files and DEB packages are also signed with one of the keys. See the Fedora, epel (for Enterprise Linux), and deb (for Debian and Ubuntu) directories for more details.
Further information about the "Aug2018" release is available in the release notes.