Caution: the version 3.4.1 has one or more vulnerabilities that are fixed in versions: 4.4.2, 4.6.3.

Packages:

• weechat-3.4.1.tar.xz (2.5 MB, SHA512, PGP)
• weechat-3.4.1.tar.gz (4.9 MB, SHA512, PGP)

Checking the signatures:

• Check the key fingerprint by checking the topic on #weechat channel (irc.libera.chat) or by asking to a developer.
• Import the PGP key:

  $ gpg --keyserver hkps://keys.openpgp.org --recv-keys A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8

  In case of problem, the release signing key (format: PGP public key) can be downloaded here: binary / ASCII
• Trust the key:

  $ gpg --edit-key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
  gpg> trust

• In directory with package + signature:

  $ gpg --verify weechat-3.4.1.tar.xz.asc weechat-3.4.1.tar.xz

• If the signature is OK you should see a message like this one:

  gpg: Signature made Thu 20 Feb 2025 11:41:27 PM CET
  gpg:                using RSA key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
  gpg: Good signature from "WeeChat (signing key) <webmaster@weechat.org>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: A9AB 5AB7 78FA 5C35 22FD  0378 F82F 4B16 DEC4 08F8