----- Bill Merriam <lists at billmerriam.com> wrote: > The developers sign the release files with GPG. Is there someplace > their keys or fingerprints are listed so we can tell gpg we trust the > key? Yes. Our keys are on the keyserver, pgp.mit.edu. -- Russell Bryant Software Engineer Digium, Inc.