Spoiler: Verification Last commit to SpigotMC/Spigot: 25b4191f0ff904b2c413f16a09a156f7973221b4

Build #1649 (1.7 to 1.8 protocol, based on 1.7.10): f2edc09c45b1f80237602dc0d1b05969

Build #1627 (1.7.10): 4cced3f71de1bf4c6caccd74e1186f35

Build #1543 (1.7.9): 291669acb4eb8626e0341a988a6ee1e3

Build #1433 (1.7.8): 7e2e6bb626013368b134212a5ec76aa1

Build #1387 (1.7.8 protocol, based on 1.7.5): 76ad1a9809a014d3adc70ad39fb8e610

Build #1371 (1.7.5): a20dcdaf01017fbd4203f9595c813110

Build #1339 (1.7.2): 6685f2f76bf77e4db785fb32edbd313c



In order to verify any git repository downloads, the current HEAD should match the sha1sum provided. This can be verified with the “git rev-parse HEAD” command. For all other jar downloads, the md5 checksum of the jar should match that provided. This can be verified with the “md5sum” command on Linux.

Obviously with the removal of many of our resources, there is going to be all sorts of stuff floating around on the internet. As such we would like to provide some verification of several crucial items provided by our project in the hopes that server owners will be safe, should they manage to find alternate download sources.