Weather Source Downloads

Source releases are compressed with gzip for compatability and (starting with 2.0) xzip as well to provide better compression of the correlation data files. SHA512 and MD5 checksums of these are provided, and all are signed with the author's current PGP key.

Verifying Checksums

Retrieve the compressed tarball you want along with the checksums file and check it with sha256sum:

grep '^.\{64\}  weather-2.1.tar.xz' checksums | sha256sum -c

...or with md5sum:

grep '^.\{32\}  weather-2.1.tar.xz' checksums | md5sum -c

You should see output along the lines of:

weather-2.1.tar.xz: OK

Validating Signatures

If you don't already have the author's PGP key in your keyring, obtain it from a well-known keyserver:

gpg --keyserver --recv-keys 48F9961143495829

Retrieve the detached signature (.pgp file) corresponding to the downloaded tarball and then check it with GnuPG like:

gpg --verify weather-2.1.tar.xz.pgp weather-2.1.tar.xz

Expect output similar to:

gpg: Signature made 2013-04-21T19:52:34 UTC using RSA key ID 43495829
gpg: Good signature from "Jeremy Stanley <>"
gpg:                 aka "[jpeg image of size 2509]"
gpg:                 aka "Jeremy Stanley <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 97AE 496F C02D EC9F C353  B2E7 48F9 9611 4349 5829