date : Thursday, 2018-08-09, at 13:13 UTC title: How to Verify this Release of Etsh So... If you're asking, "How do I verify this release?", the following should help answer your question.. I assume you're doing this on OpenBSD. First, download either the entire directory or the following files: SHA256*, one or both of etsh-5.3.0.tar.[gx]z depending on whether you use gzip(1) or xz(1), janeitzel-signify.pub (a copy of my signify public key), and readme-how_to_verify_release. Then, do this... % signify -C -p janeitzel-signify.pub -x SHA256.sig Signature Verified etsh-5.3.0.tar.gz: OK etsh-5.3.0.tar.xz: OK and you're set; otherwise, if you're not on OpenBSD, this or a variation of it with the available tools.. % sha256 -C SHA256 etsh-5.3.0.tar.gz etsh-5.3.0.tar.xz (SHA256) etsh-5.3.0.tar.gz: OK (SHA256) etsh-5.3.0.tar.xz: OK will at least tell you if your downloads were successful and without corruption. -- Cheers, Jeff