Verifying and checksumming new release is somewhat cumbersom

john doe johndoe65534 at
Thu Nov 26 19:12:27 CET 2020

Hello all,

I see that at (1) and (2) the public keys block and the sha1sums
respectively are listed on their corresponding page.

Is there a URL to download those sha1sums and those public keyss as  files?

That is for checksumming I could simply do:

$ sha1sum -c <CHECKSUM-FILE> --ignore-missing

and for the public key I could do something like:

$ gpg --import <PUBLIC-KEYS-FILES>
$ gpg --verify *.sig

I understand that for this last step I could also do:

$ gpg --keyserver-options auto-key-retrieve veirfy *.sig

Any feedback is appreciated.


If I can I'll be more than happy to help tweaking the release process in
that regard.


John Doe

More information about the Gnupg-users mailing list