The restic project and all the source code, even this website is hosted by
GitHub, and they provide an awesome service! This post describes how we sign
releases of restic by using GnuPG so you can
independently verify the integrity of the source code. In addition it is show
how the automatically generated tar.gz
files can be recreated with from the
git repository.
This is a companion discussion topic for the original entry at https://restic.github.io/blog/2015-09-16/verifying-code-archive-integrity