Hi, I always like to be able to download the pubkeys and signatures so I can verify the downloads before doing the installation.
gpg2 gives me these diagnostics: geany-2.0.tar.bz2.sig Good signature from "Colomban Wendling <b...@ban.netlib.re>" [expired] geany-2.0.tar.gz.sig Good signature from "Colomban Wendling <b...@ban.netlib.re>" [expired] geany-2.0_setup.exe.sig Good signature from "Enrico Tröger <enrico.troe...@uvena.de>" [unknown] and for geany-plugins-2.0.*.sig gpg: Signature made Oct 19, 2023 xx:xx:xx MDT gpg: using EDDSA key 23C0ACC6C2A22D6EB8A98563EC3A8C6CF6546888 gpg: requesting key EC3A8C6CF6546888 from hkp://pgp.surf.nl gpg: Can't check signature: No public key In summary, two expired keys were used to sign the geany 2.0 assets, and the public key required to verify the geany-plugins 2.0 assets does not seem to be available on the geany.org site. There are also no signatures for the .zip and .tar.gz files containing the source code for both geany and geany-plugins. With previous releases, I have also used the MD5SUM, and SHA*SUM files for additional verification. TIA Doug -- Doug Henderson, Calgary, Alberta, Canada - from gmail.com _______________________________________________ Devel mailing list -- devel@lists.geany.org To unsubscribe send an email to devel-le...@lists.geany.org
