Integrity · Trent Power

Every public file is hashed and listed in a manifest, signed with a detached PGP signature so each release can be checked against the publisher's key - independently, on your own machine, without trust in this server. You can verify locally here.

May 2026

Manifest · Signature · Public key

Verification records

Manifest: /integrity.json Download the signed integrity manifest (JSON listing every public file and its SHA-256)
Detached signature: /integrity.json.sig Download the detached PGP signature for the integrity manifest
Archive checksums: /SHA256SUMS Download the SHA-256 checksums for the signed release archives
Public key: /.well-known/pgp-key.asc Download the public PGP key used to sign releases

Source archives

ZIP Download the source archive as a ZIP file TAR.GZ Download the source archive as a TAR.GZ file

Release fingerprint

A729 591B 450D 3F59 3694 98BD 8299 1F25 04AE 0263

Signed.Verifiable.Reproducible.