Checking if Frugalware tarballs are from trusted source

1. How to verify

Import our public keyring with the

$ gpg --recv-keys 20F55619

command.

Verify the tarball. Here is an example:

$ gpg --verify pacman-tools-0.7.2.tar.gz.asc pacman-tools-0.7.2.tar.gz
gpg: Signature made Sun 14 May 2006 02:35:34 AM CEST using DSA key ID 20F55619
gpg: Good signature from "Frugalware Linux Archives Verification Key \
        <frugalware-devel@frugalware.org>"

2. The meaning of this signature

This signature does not guarantee that the Frugalware Linux Archives master site itself has not been compromised. However, if we suffer an intrusion we will revoke the key and post information here as quickly as possible.