[guardian-dev] Where to locate GPG signature files for Direct APK downloads?

Nathan of Guardian nathan at guardianproject.info
Mon Nov 13 10:34:26 EST 2017



On 11/13/2017 08:48 AM, bob at cadamail.com wrote:
> Hello,
> I was searching for .sig, .asc. or .sign files to GPG verify the Direct
> APK downloads. Unfortunately, I was unable to find any for the following:
> 
> * lildebi-latest.apk
> * notecipher-latest.apk
> * obscuracam-latest.apk
> * orbot-latest.apk
> * orweb-latest.apk
> 
> https://guardianproject.info/releases/

I think they are there, we just didn't link them to the actual files,
like we do with the APKs. I can look into doing that.

> 
> As not everyone has access to playstores in restricted countries, it would
> be nice to be able to verify these directly.

Of course, that is why we also offer our F-Droid repo, which has
built-in signing by the repo build process itself:
https://guardianproject.info/fdroid/

and often will post APKs to Github releases pages with ASC sigs:
https://github.com/guardianproject/ObscuraCam/releases/tag/4.0.0-beta-1
https://github.com/n8fr8/orbot/releases/tag/15.5.1-RC-2-multi

You will signed by my key:
https://keybase.io/n8fr8
BBE20FD6DA48A3DD4CC7DF41A801183E69B37AA9





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20171113/2829d7ae/attachment.sig>


More information about the guardian-dev mailing list