Version 0.4.3 (Feb 9, 2014)
Sources (gzip) src weechat-0.4.3.tar.gz (2.8 MB, sha1: 2bb088c68d0c98d91739ec4575637230fabbc951, gpg sig)
Sources (bzip2) src weechat-0.4.3.tar.bz2 (2.0 MB, sha1: c9043ae4df8057c1410eeaf4c5c8818e97963e16, gpg sig)
About release
Release notes doc ReleaseNotes-0.4.3.html

Checking the signatures

  • Import the gpg key:
    $ gpg --keyserver wwwkeys.pgp.net --recv-keys DEC408F8
  • Display the fingerprint:
    $ gpg --fingerprint DEC408F8
  • Check that the fingerprint is correct by asking to a developer on #weechat (irc.freenode.net).
  • Trust the key:
    $ gpg --edit-key DEC408F8
    $ trust
  • In directory with package + signature:
    $ gpg --verify weechat-X.Y.Z.tar.gz.asc
  • If the signature is OK you should see a message like this one:
    gpg: Signature made Sat 20 Oct 2012 07:36:35 PM CEST using RSA key ID DEC408F8
    gpg: Good signature from "WeeChat (signing key) <webmaster@weechat.org>"