[guardian-dev] Where to locate GPG signature files for Direct APK downloads?

Nathan of Guardian nathan at guardianproject.info
Mon Nov 13 10:34:26 EST 2017

On 11/13/2017 08:48 AM, bob at cadamail.com wrote:
> Hello,
> I was searching for .sig, .asc. or .sign files to GPG verify the Direct
> APK downloads. Unfortunately, I was unable to find any for the following:
> * lildebi-latest.apk
> * notecipher-latest.apk
> * obscuracam-latest.apk
> * orbot-latest.apk
> * orweb-latest.apk
> https://guardianproject.info/releases/

I think they are there, we just didn't link them to the actual files,
like we do with the APKs. I can look into doing that.

> As not everyone has access to playstores in restricted countries, it would
> be nice to be able to verify these directly.

Of course, that is why we also offer our F-Droid repo, which has
built-in signing by the repo build process itself:

and often will post APKs to Github releases pages with ASC sigs:

You will signed by my key:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20171113/2829d7ae/attachment.sig>

More information about the guardian-dev mailing list