Warning: the version 3.2.1 has one or more
vulnerabilities, it is not recommended to use it.
Vulnerabilities fixed in versions:
3.4.1,
4.4.2.
Packages:
Checking the signatures:
-
Check the key fingerprint by checking the topic on #weechat channel (irc.libera.chat) or by asking to a developer.
-
Import the PGP key:
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
In case of problem, the release signing key (format: PGP public key) can be downloaded here:
binary /
ASCII
-
Trust the key:
$ gpg --edit-key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
gpg> trust
-
In directory with package + signature:
$ gpg --verify weechat-3.2.1.tar.xz.asc weechat-3.2.1.tar.xz
-
If the signature is OK you should see a message like this one:
gpg: Signature made Thu 20 Feb 2025 11:41:27 PM CET
gpg: using RSA key A9AB5AB778FA5C3522FD0378F82F4B16DEC408F8
gpg: Good signature from "WeeChat (signing key) <webmaster@weechat.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A9AB 5AB7 78FA 5C35 22FD 0378 F82F 4B16 DEC4 08F8