Version 4.5.2 ()

Packages:
Checking the signatures:
  • Check the key fingerprint by checking the topic on #weechat channel (irc.libera.chat) or by asking to a developer.
  • Import the PGP key:
    $ gpg --keyserver hkps://keys.openpgp.org --recv-keys A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
    In case of problem, the release signing key (format: PGP public key) can be downloaded here: binary / ASCII
  • Trust the key:
    $ gpg --edit-key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
    gpg> trust
  • In directory with package + signature:
    $ gpg --verify weechat-4.5.2.tar.xz.asc weechat-4.5.2.tar.xz
  • If the signature is OK you should see a message like this one:
    gpg: Signature made Thu 20 Feb 2025 11:41:27 PM CET
    gpg:                using RSA key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
    gpg: Good signature from "WeeChat (signing key) <webmaster@weechat.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: A9AB 5AB7 78FA 5C35 22FD  0378 F82F 4B16 DEC4 08F8