[1.4.1] - 2026-07-10
Added
- Arch Linux package (
DotScramble-Linux-x86_64.pkg.tar.zst): Native package for Arch Linux and Manjaro, installable withsudo pacman -U. Includes proper.PKGINFOmetadata, launcher script, desktop entry, and icon. - Public GPG key (
public_key.asc): FreeRave signing key (0D9B71AF1791DA36) now shipped as a release asset so users can verify signatures offline without a keyserver. - Security & Integrity Verification section in README with step-by-step GPG verification guide for AppImage, .deb, and .pkg.tar.zst packages.
Changed
- GPG signing key: Migrated from
kareem ehab(D3EB5327471C8F22) to new FreeRave key (0D9B71AF1791DA36, RSA-4096, expires 2029). All release artifacts are now signed with the FreeRave identity. - Checksum file renamed:
sha.txt→SHA256SUMSto match the standard Linux convention compatible withsha256sum -cdirectly. - Build pipeline:
build.pynow explicitly pins GPG signing to--local-user 0D9B71AF1791DA36and generates.pkg.tar.zstin addition to.deb,.AppImage, and.tar.gz.
Fixed
- GPG
--detach-signinbuild.pyno longer relies on the default key, preventing accidental signing with an expired key.
Release validated by GitHub Actions on 2026-07-10 16:34 UTC
Version: 1.4.1 | Artifacts signed with GPG (.asc)
Verify integrity: sha256sum -c SHA256SUMS