trust, but verify.

Every PaellaDoc release is signed with my Apple Developer ID, notarized by Apple, stapled, and obfuscated. The SHA256 checksum below lets you verify the binary you downloaded matches the one I built.

Latest release.

version: v0.2.276
platform: macOS Apple Silicon (macos-aarch64)
signing: ✓ signed · notarized · stapled
SHA256: e20289f397b5098d3a64d95b7da094a7c88bb7d05627010d12fb7b4715bbf0fb
↓ download v0.2.276

How to verify.

After downloading, open Terminal and compute the SHA256 of the DMG. Compare it to the value above. If they match, the file you have is byte-for-byte the file I shipped.

macOS / Linux

$ shasum -a 256 ~/Downloads/PAELLADOC_0.2.276_darwin-aarch64.dmg
e20289f397b5098d3a64d95b7da094a7c88bb7d05627010d12fb7b4715bbf0fb  PAELLADOC_0.2.276_darwin-aarch64.dmg

alternate: openssl

$ openssl dgst -sha256 ~/Downloads/PAELLADOC_0.2.276_darwin-aarch64.dmg
SHA256(PAELLADOC_0.2.276_darwin-aarch64.dmg)= e20289f397b5098d3a64d95b7da094a7c88bb7d05627010d12fb7b4715bbf0fb

If the hash matches — your download is intact and authentic. Open the DMG and drag PaellaDoc to Applications.

If the hash does NOT match — something tampered with the binary in transit. Do not run it. Re-download and verify again. If it still fails, DM @jlcases on X with the mismatched hash.

About the signature.

PaellaDoc is signed with an Apple Developer ID and notarized by Apple's notary service. The notarization ticket is stapled to the DMG, so Gatekeeper can verify offline. You should not need to right-click → Open or run any xattr commands.

verify the Apple notarization

$ spctl --assess --type install -vv ~/Downloads/PAELLADOC_0.2.276_darwin-aarch64.dmg
/path/to/PAELLADOC_0.2.276_darwin-aarch64.dmg: accepted
source=Notarized Developer ID

A response of accepted · source=Notarized Developer ID confirms Apple verified my identity and scanned the binary for malware before I shipped it.