Crypto is full of theiving @#$!'ds. We can NOT trust ANY communication with or from me unless it is via GPG signed email with the correct, verifiable signature.
You can send ME encrypted email using this contact form at my FlowCryptâ„¢ Encrypted Contact Page (powered by GPG)
GitHub release tags should be GPG signed by myself. You can verify the code is how it was when I signed thusly ...
Retrieve my public key from from my FlowCrypt's Encrypted Contact Page Public Fingerprint: 036E 2526 A474 0940 E1DF 9195 5751 D33B 09A2 7356
I use the same key to sign git tags (when I do) example: tag 0.2.0B (first open source release) is signed ...
% git clone https://github.com/gruvin/hexmob.win.git
% cd hexmob.win
% % git tag --verify v0.2.0B
>>>>>>> 67a0a1ce173751960427800e8f15f8dc3bee8596
object a9662f470c35a28b1e3ca6301b08066ae82289ba
type commit
tag v0.2.0B
tagger Bryan <gruvin@gmail.com> 1590729834 +1200
Going Open Source.
gpg: Signature made Fri 29 May 17:23:54 2020 NZST
gpg: using RSA key 036E2526A4740940E1DF91955751D33B09A27356
gpg: Good signature from "Bryan Rentoul <gruvin@gmail.com>" [ultimate]