DOCSP-54082 Fixes Verify Packages (#14694)

Author: kennethdyer

content/manual/manual/source/includes/steps-install-verify-files-pgp.yaml

@@ -43,18 +43,19 @@ stepnum: 3
 ref: download-key-file
 action:
  - pre: |
-     If you have not downloaded and imported the MongoDB {+version+} public key,
-     run these commands:
+     The MongoDB 8.2 package download is verified using the
+     MongoDB 8.0 public key. If you have not downloaded and imported
+     the MongoDB 8.0 public key, run these commands:
    language: sh
    copyable: true
    code: |
-     curl -LO https://pgp.mongodb.com/server-{+version+}.asc
-     gpg --import server-{+version+}.asc
+     curl -LO https://pgp.mongodb.com/server-8.0.asc
+     gpg --import server-8.0.asc
  - pre: |
      PGP should return this response:
    language: sh
    code: |
-     gpg: key {+rsa-key+}: "MongoDB {+version+} Release Signing Key <packaging@mongodb.com>" imported
+     gpg: key {+rsa-key+}: "MongoDB 8.0 Release Signing Key <packaging@mongodb.com>" imported
      gpg: Total number processed: 1
      gpg:               imported: 1
 ---
@@ -80,7 +81,7 @@ action:
    code: |
      gpg: Signature made Wed Jun  5 03:17:20 2019 EDT
      gpg:                using RSA key {+rsa-key+}
-     gpg: Good signature from "MongoDB {+version+} Release Signing Key <packaging@mongodb.com>" [unknown]
+     gpg: Good signature from "MongoDB 8.0 Release Signing Key <packaging@mongodb.com>" [unknown]
  - pre: |
      If the package is
      properly signed, but you do not currently trust the signing key

content/manual/manual/source/tutorial/verify-mongodb-packages.txt

@@ -22,3 +22,41 @@ Verify Integrity of MongoDB Packages
    :class: singlecol
 
 .. include:: /includes/minor-release.rst
+
+.. include:: /includes/unicode-checkmark.rst
+
+The MongoDB release team digitally signs all software packages to
+certify that a particular MongoDB package is a valid and unaltered
+MongoDB release. Before installing MongoDB, you should validate the 
+package using either the provided PGP signature or SHA-256 checksum.
+
+PGP signatures provide the strongest guarantees by checking both the
+authenticity and integrity of a file to prevent tampering.
+
+Cryptographic checksums only validate file integrity to prevent network
+transmission errors.
+
+Verify Linux/macOS Packages
+---------------------------
+
+Use PGP/GPG
+~~~~~~~~~~~
+
+MongoDB signs each release branch with a different PGP key. The public 
+key files for each release branch are available for download from the 
+`key server <https://pgp.mongodb.com/>`_ in both textual ``.asc`` and binary 
+``.pub`` formats.
+
+.. include:: /includes/steps/install-verify-files-pgp.rst
+
+Use SHA-256
+~~~~~~~~~~~
+
+.. include:: /includes/steps/install-verify-files-sha.rst
+
+Verify Windows Packages
+-----------------------
+
+The following procedure verifies the MongoDB binary against its SHA256 key.
+
+.. include:: /includes/steps/install-verify-files-windows.rst

content/manual/upcoming/source/tutorial/verify-mongodb-packages.txt

@@ -24,3 +24,4 @@ Verify Integrity of MongoDB Packages
 .. include:: /includes/rc-available.rst
 
 .. include:: /includes/minor-release.rst
+

content/table-of-contents/L2-data/on-prem.ts

@@ -166,12 +166,6 @@ const tocData: TocItem[] = [
           },
         ],
       },
-      {
-        label: "Verify Package Integrity",
-        contentSite: "docs",
-        url: "/docs/:version/tutorial/verify-mongodb-packages",
-        versions: { excludes: ["upcoming"] },
-      },
       {
         label: "Verify Package Integrity",
         contentSite: "docs",