OpenPGP Verify the Source Code

'''This chapter is recommended for better security, but is not strictly required.'''<ref>See [[Trust]].</ref>

Retrieve a list of available git tags.

{{CodeSelect|code=
git --no-pager tag
}}

Verify the tag you want to build. Replace it with the tag chosen to build.

{{CodeSelect|code=
git tag -v {{{version}}}
}}

The output should look similar to this.

<pre>
object 1844108109a5f2f8bddcf2257b9f3675be5cfb22
type commit
tag {{{version}}}
tagger Patrick Schleizer <adrelanos@whonix.org> 1392320095 +0000

.
gpg: Signature made Thu 13 Feb 2014 07:34:55 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@whonix.org>" [ultimate]
</pre>

The warning.

<pre>
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
</pre>

Is explained on the [[Signing Key|{{project_name_short}} Signing Key]] page and can be safely ignored.