Update some URLs & expand on PGP keys

[exim-website.git] / templates / web / mirrors.xsl

diff --git a/templates/web/mirrors.xsl b/templates/web/mirrors.xsl
index 98eb05977b6624a65f6dbb61022d2773cdcb97cb..f1a7d876e15a8754e352e5208afdbcaa4081fb47 100644 (file)
--- a/templates/web/mirrors.xsl
+++ b/templates/web/mirrors.xsl
@@ -30,9 +30,13 @@
                                <p>
                                        <xsl:text>Exim is available from a number of FTP sites. It may also be supplied on some GNU CDs or with other software distributions. Further information on the binary and OS distributions can be found in the </xsl:text>
                                        <a href="https://wiki.exim.org/ObtainingExim">Exim Wiki.</a>
-                                       If the mirrors do not work for you, you can download the tarballs from the
-                                       <a href="https://ftp.exim.org/pub/exim/exim4/">origin.</a>.
-                                       <xsl:text>.</xsl:text>
+
+                                       <xsl:text>If the mirrors do not work for you, you can download the tarballs from the </xsl:text>
+                                       <a href="https://downloads.exim.org/exim4/">origin.</a>.
+
+                                       <xsl:text>If we published maintenance releases you can find the tarballs
+                                       in the </xsl:text>
+                                       <a href="https://downloads.exim.org/exim4/fixes/">fixes</a><xsl:text> directory</xsl:text>
                                </p>
 
             <h3>Exim Mirror Sites</h3>
@@ -49,11 +53,17 @@
 
            <h3>Verification of Downloads</h3>
 
-           All published Tarballs are signed. The signatures are created with keys belonging to the developers:
-           <a href="{$staticroot}/keys/jgh@wizmail.org.asc">Jeremy Harris</a>,
-           <a href="{$staticroot}/keys/phil.pennock@spodhuis.org.asc">Phil Pennock</a>, or
-           <a href="{$staticroot}/keys/hs@schlittermann.de.asc">Heiko Schlittermann</a>. (Please crosscheck these keys
-           with keys you can find at other sources.)
+           <p>
+           All published tarballs are cryptographically signed with an OpenPGP implementation (such as GnuPG).
+           The signatures are distributed alongside the tarballs.
+           The signatures are created with keys belonging to the developers.
+           The keys can be found in our
+           <a href="https://downloads.exim.org/Exim-Maintainers-Keyring.asc">maintainers keyring</a>.
+           (Please crosscheck these keys with keys you can find at other sources.)
+           </p>
+           <p>
+           The exim.org domain supports <a href="https://wiki.gnupg.org/WKD">the WKD mechanism</a> for OpenPGP key retrieval.
+           </p>
 
             <h3>Mirroring Exim</h3>
 
@@ -64,9 +74,11 @@
 
            <p>If you prefer tracking our commits to the source tree directly via Git:
            <ul>
-               <li> Main Git Repository: <code>git://git.exim.org/exim.git</code></li>
-               <li> Mirror at GitHub <a href="https://github.com/Exim/exim.git">https://github.com/Exim/exim.git</a></li>
+               <li>Main Git Repository: <code>git://git.exim.org/exim.git</code></li>
+               <li>Web interface: <a href="https://git.exim.org/exim.git">https://git.exim.org/exim.git</a></li>
+               <li>Mirror at GitHub <a href="https://github.com/Exim/exim.git">https://github.com/Exim/exim.git</a></li>
            </ul>
+           All releases get a signed Git tag.
            </p>
 
            </xsl:template>