PGP Signed PostgreSQL Source Code

About this site

This pages linked to below contain a listing of MD5 and SHA1 checksums for the source code of PostgreSQL, an open source relational database management system. (Also referred to as simply "Postgres"). The source code is available as a series of gzipped and bzipped tarballs. Instead of signing each tarball, I have signed messages containing the validated checksum for each file. This makes it easier to verify the source code to other people who do not have GnuPG or who do not have my public key. It also allows people to spot bad checksums on the various Postgres mirrors. If you do come across a bad checksum, please let me know right away.

A Word of Caution

This process only verifies that the files were checked by me to have the proper checksum, and does not mean that I have personally checked every line in the source code for Postgres. However, I am fairly certain that any problem would be quickly found. This page will be updated if any version of Postgres is ever found to have a problem.

It is strongly recommended that you run the most recent version in your branch.

How to verify

To verify the files, you will need to do two things:

Signed checksum files for recent versions

The following versions were released on February 27, 2012:

Signed checksum files for older versions

Last updated April 16, 2012 by Greg Sabino Mullane (greg "at"

Valid XHTML 1.0!