From April 2nd, 2002 to September 12th, 2012
all released packages and communications have been signed with the following
PGP public key, having a fingerprint of
3D7F 383C B41E 33D7 0250 A9AC A42E 4223 C818 1A52
Starting September 13th, 2012 this new
PGP public key is in use, it has
3B31 29AF 1DDD EFA5 A37D 818F 0831 B0BD 03D8 B182
The signature does only proves that Denis Corbin have personally released the sources or binary package. This means there is no malicious code inside the signed packages (If you trust him, of course).