[guardian-dev] Where to locate GPG signature files for Direct APK downloads?
Nathan of Guardian
nathan at guardianproject.info
Mon Nov 13 10:34:26 EST 2017
On 11/13/2017 08:48 AM, bob at cadamail.com wrote:
> Hello,
> I was searching for .sig, .asc. or .sign files to GPG verify the Direct
> APK downloads. Unfortunately, I was unable to find any for the following:
>
> * lildebi-latest.apk
> * notecipher-latest.apk
> * obscuracam-latest.apk
> * orbot-latest.apk
> * orweb-latest.apk
>
> https://guardianproject.info/releases/
I think they are there, we just didn't link them to the actual files,
like we do with the APKs. I can look into doing that.
>
> As not everyone has access to playstores in restricted countries, it would
> be nice to be able to verify these directly.
Of course, that is why we also offer our F-Droid repo, which has
built-in signing by the repo build process itself:
https://guardianproject.info/fdroid/
and often will post APKs to Github releases pages with ASC sigs:
https://github.com/guardianproject/ObscuraCam/releases/tag/4.0.0-beta-1
https://github.com/n8fr8/orbot/releases/tag/15.5.1-RC-2-multi
You will signed by my key:
https://keybase.io/n8fr8
BBE20FD6DA48A3DD4CC7DF41A801183E69B37AA9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20171113/2829d7ae/attachment.sig>
More information about the guardian-dev
mailing list