Warning: the version 2.7.1 has one or more
vulnerabilities, it is not recommended to use it.
Vulnerabilities fixed in versions:
3.2.1,
4.4.2.
Packages:
Checking the signatures:
-
Check the key fingerprint by checking the topic on #weechat channel (irc.libera.chat) or by asking to a developer.
-
Import the GPG key:
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
In case of problem, the GPG key can be downloaded here:
Release signing key (format: PGP public key).
-
Trust the key:
$ gpg --edit-key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
gpg> trust
-
In directory with package + signature:
$ gpg --verify weechat-2.7.1.tar.xz.asc weechat-2.7.1.tar.xz
-
If the signature is OK you should see a message like this one:
gpg: Signature made Sat 20 Oct 2012 07:36:35 PM CEST using RSA key ID DEC408F8
gpg: Good signature from "WeeChat (signing key) <webmaster@weechat.org>"