All downloads on this site now include a “verify” link in the Download Links section at the top of each page. This provides brief instructions on verifying the authenticity of your download, which is as simple a pasting a few lines into your terminal (you can even paste all the lines at once).
I have created a PGP key and signed all the current versions of the files available for download. The reason I took the time to do this is to improve your security. I recommend verifying downloads.
Arch Linux Users: The AUR currently provides no way to verify signatures. For now I recommend following the ‘verify’ instructions prior to using the AUR to install software.
If you ever encounter a bad signature, please don’t ignore it, and let me know about it so I can check the server.
Sorry, the comment form is closed at this time.