[+] · verify your download

trust, but verify.

Every PaellaDoc release is signed with our Apple Developer ID, notarized by Apple, stapled, and obfuscated. The SHA256 checksum below lets you verify the binary you downloaded matches the one we built.

Latest release.

version

v0.2.3

platform

macOS Apple Silicon (darwin-aarch64)

signing

✓ signed · notarized · stapled

SHA256

a198de99924568efecf08fcd8b70e06e2ae7c79ab15b44c814497baf0422e116

↓ download v0.2.3

How to verify.

After downloading, open Terminal and compute the SHA256 of the DMG. Compare it to the value above. If they match, the file you have is byte-for-byte the file we shipped.

macOS / Linux

$ shasum -a 256 ~/Downloads/PAELLADOC_0.2.3_darwin-aarch64.dmg
a198de99924568efecf08fcd8b70e06e2ae7c79ab15b44c814497baf0422e116  PAELLADOC_0.2.3_darwin-aarch64.dmg

alternate: openssl

$ openssl dgst -sha256 ~/Downloads/PAELLADOC_0.2.3_darwin-aarch64.dmg
SHA256(PAELLADOC_0.2.3_darwin-aarch64.dmg)= a198de99924568efecf08fcd8b70e06e2ae7c79ab15b44c814497baf0422e116

If the hash matches — your download is intact and authentic. Open the DMG and drag PaellaDoc to Applications.

If the hash does NOT match — something tampered with the binary in transit. Do not run it. Re-download and verify again. If it still fails, DM @jlcases on X with the mismatched hash.

About the signature.

PaellaDoc is signed with an Apple Developer ID and notarized by Apple's notary service. The notarization ticket is stapled to the DMG, so Gatekeeper can verify offline. You should not need to right-click → Open or run any xattr commands.

verify the apple notarization

$ spctl --assess --type install -vv ~/Downloads/PAELLADOC_0.2.3_darwin-aarch64.dmg
/path/to/PAELLADOC_0.2.3_darwin-aarch64.dmg: accepted
source=Notarized Developer ID

A response of accepted · source=Notarized Developer ID confirms Apple verified our identity and scanned the binary for malware before we shipped.