Because of a recent attack against SourceForge all the GeSHi releases will be available signed to allow for verification of authenticity of the released files.
Since also older files might have been tampered with due to the attack against SourceForge.net I will provide signatures for all releases starting with the very first version. The files I will do the signatures against are local backups of the files I always keep, but which I can verify against multiple copies in different locations.
Due to signing all files and verifying integrity it will take me a few days for the latest release to be packaged but I’m confident it will be available next week for all of you.
All the releases will be signed using my GnuPG key for the GeSHi support address BenBE -> at < - geshi -> dot < - org, key ID 0xE8E12EAD and fingerprint 0D31 6B6A BE02 2C77 98D0 324B F1D3 5CB9 E8E1 2EAD. The key is available here, here, on keyservers and in several other places on the internet. The key is in the strong set and thus should be easy to verify.
It is strongly encouraged for all people downloading the GeSHi releases to check the integrity using the provided signatures.
If you have any questions regarding this measure, feel free to comment below or write me (encrypted) mail.
