Version 0.3.9.1 ()

Warning: the version 0.3.9.1 has one or more vulnerabilities, it is not recommended to use it. Vulnerabilities fixed in versions: 0.3.9.2, 0.4.1, 1.7.1, 1.9.1, 2.7.1.
Packages:
Checking the signatures:
  • Check the key fingerprint by checking the topic on #weechat channel (irc.libera.chat) or by asking to a developer.
  • Import the GPG key:
    $ gpg --keyserver hkps://keys.openpgp.org --recv-keys A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
    In case of problem, the GPG key can be downloaded here: Release signing key (format: PGP public key).
  • Trust the key:
    $ gpg --edit-key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
    gpg> trust
  • In directory with package + signature:
    $ gpg --verify weechat-0.3.9.1.tar.xz.asc weechat-0.3.9.1.tar.xz
  • If the signature is OK you should see a message like this one:
    gpg: Signature made Sat 20 Oct 2012 07:36:35 PM CEST using RSA key ID DEC408F8
    gpg: Good signature from "WeeChat (signing key) <webmaster@weechat.org>"