Verifying downloads via OpenPGP signatures
It is urgently recommended that you verify the downloaded binary files. If you don't, you might receive files with undesired additional features - spying on you or otherwise abusing your computer.
To verify a file, simply download the corresponding OpenPGP signature file. Both files should be located in the same directory.
Then open a console, switch to the directory containing the downloads and verify them using these commands:
cd ~/Downloads
gpg org.subshare.gui-0.9.9-bin.tar.gz.sig
gpg org.subshare.server-0.9.9-bin.tar.gz.sig
Of course, you need the OpenPGP public key which was used for signing. The CodeWizards' keys can be found here on the CodeWizards web-site.
After downloading a key (e.g. 0x4AB0FBC1.asc), you have to import it into your local key ring.
With gpg, you can do this with the following command:
gpg --import 0x4AB0FBC1.asc
If you use a different OpenPGP implementation (i.e. not gpg), then please consult its documentation about importing keys and verifying signatures.