Binary packages are signed with Todd’s PGP key. For .rpm and .deb packages, the signature is embedded in the package file itself. All other files use detached signatures (separate .sig files). Two keys are included in the file, the current pgp signing key with the fingerprint 59D1 E9CC BA2B 3767 04FD D35B A9F4 C021 CEA4 70FB and the old pgp signing key with the fingerprint CCB2 4BE9 E948 1B15 D341 5953 5A89 DFA2 7EE4 70C4. The signing keys are also available from the MIT public key server a...
