Verifying Code Archive Integrity

The restic project and all the source code, even this website is hosted by GitHub, and they provide an awesome service! This post describes how we sign releases of restic by using GnuPG so you can independently verify the integrity of the source code. In addition it is show how the automatically generated tar.gz files can be recreated with from the git repository.


This is a companion discussion topic for the original entry at https://restic.github.io/blog/2015-09-16/verifying-code-archive-integrity