When trying to use `sha256sum --check` to verify the tar.gz I get the following:

```
% sha256sum --check httpd-2.4.51.tar.gz.sha256
sha256sum: httpd-2.4.51-rc1.tar.gz: No such file or directory
httpd-2.4.51-rc1.tar.gz: FAILED open or read
sha256sum: WARNING: 1 listed file could not be read
% cat httpd-2.4.51.tar.gz.sha256
c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 *httpd-2.4.51-rc1.tar.gz
```

As can be seen, the filename listed in the signature file is wrong. If anyone is doing automated signature verification, that is going to fail for no reason as the signature is correct, only the filename is wrong. This is also true for the tar.bz2 signature.

Thanks for noticing and coming back to us! That was an omission in our release scripts that has been fixed now. I also updated the .sha* files on the distribution server.

Kind Regards,
Stefan
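
For automated verification that needs to tell a wrong listed filename apart from a wrong digest, as in the report above, the following is an added example and is not from this thread or the httpd release scripts. It assumes `sha256sum` from GNU coreutils is installed; the function name `verify_sha256` and its return codes are this example's own convention.

```shell
#!/bin/sh
# Added example (hypothetical helper, not project code).
# Usage: verify_sha256 <file> <checksum-file>
# Return codes (this example's convention):
#   0  digest matches and the listed name matches the file
#   3  digest matches but the listed name differs (the case reported above)
#   1  digest mismatch
#   2  unreadable input or malformed checksum line
verify_sha256() {
    file=$1
    sumfile=$2
    [ -r "$file" ] && [ -r "$sumfile" ] || return 2

    # First line has the form "<64 hex digits> <' ' or '*'><filename>".
    IFS= read -r line < "$sumfile" || [ -n "$line" ] || return 2
    expected=${line%% *}
    listed=${line#* }
    case $listed in
        ' '*|'*'*) listed=${listed#?} ;;   # drop the text/binary mode marker
    esac

    # Reject anything that is not exactly 64 hex digits.
    case $expected in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    # Hash the file we were actually given, not the name in the checksum file.
    actual=$(sha256sum < "$file") || return 2
    actual=${actual%% *}

    [ "$actual" = "$expected" ] || return 1
    [ "$listed" = "${file##*/}" ] || return 3
    return 0
}
```

A pipeline can treat return code 3 as a warning to raise with the publisher while still refusing anything that returns 1 or 2.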