Get the fingerprint Join us on the OFTC #subgraph channel and check the topic. Get the public singing key gpg --recv <fingerprint> Verify the sha256 signature gpg --verify release_<>.asc Verify the sha256 checksum sha256sum -c release_<>.sha256