Roland, the 3.1 release tarball is signed, http://download.savannah.gnu.org/releases/bbdb/
bbdb-3.1.tar.gz 01-Mar-2014 05:40 366K bbdb-3.1.tar.gz.sig 01-Mar-2014 05:40 287 which is great, $ gpg ~/tmp/bbdb-3.1.tar.gz.sig Detached signature. Please enter name of data file: ../bbdb3_3.1.orig.tar.gz gpg: Signature made Sat 01 Mar 2014 04:57:58 GMT using RSA key ID 44A3B825 gpg: Can't check signature: public key not found Debian now has facilities to automatically download and verify such signatures, thus firmly closing the barn door. Unfortunately I cannot find the signing key anywhere. $ gpg --keyserver pgp.mit.edu --search 44A3B825 gpg: searching for "44A3B825" from hkp server pgp.mit.edu gpg: key "44A3B825" not found on keyserver An armored export of the key in that same download directory would probably make sense. (I'm sure the NSA will know it's actually your key, so you should be able to get them to sign it for you.) Cheers, --Barak. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ bbdb-info@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bbdb-info BBDB Home Page: http://bbdb.sourceforge.net/