Version 0.3.5 ()

Warning: the version 0.3.5 has one or more vulnerabilities, it is not recommended to use it. Vulnerabilities fixed in versions:, 0.4.1, 1.7.1, 1.9.1.

Checking the signatures:
  • Import the gpg key:
    $ gpg --keyserver hkps:// --recv-keys A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
  • Display the fingerprint:
    $ gpg --fingerprint A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
  • Check that the fingerprint is correct by asking to a developer on #weechat (
  • Trust the key:
    $ gpg --edit-key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
    gpg> trust
  • In directory with package + signature:
    $ gpg --verify weechat-0.3.5.tar.xz.asc weechat-0.3.5.tar.xz
  • If the signature is OK you should see a message like this one:
    gpg: Signature made Sat 20 Oct 2012 07:36:35 PM CEST using RSA key ID DEC408F8
    gpg: Good signature from "WeeChat (signing key) <>"