Git clone verify

From Whonix

The following block explains how to download and signature verify {{{software}}}.

Ambox warning pn.svg.png While git is cryptographically secure, it is not foolproof. See Web of Trust [archive] and How safe are signed git tags? Only as safe as SHA-1 or somehow safer? [archive] for further information.

Run the following commands in {{{where}}}.

Retrieve the signing key. {{{footnote}}}


Verify the key fingerprint.


Should show.


Import the key.


Get the source code.


Navigate to the {{{folder}}} folder.

cd {{{folder}}}

Always verify software signatures! Check the {{{software}}} signature.


Should show.