Releases are signed using GnuPG. 0.33 and
newer will be signed with GPG key FCF0B5DCF06A8079
(fingerprint: 40DA 3AF2 9727 8DA2 B8E1 8D2F FCF0 B5DC
F06A 8079). 0.32 and older are signed with GPG key
47486962 (fingerprint: 172F BCE9 8FCA C676 341B 75F7
6FCB 32C9 4748 6962).
To verify a release download the detached GPG signature file, such
as http://ftp.gnu.org/gnu/gnutrition/gnutrition-latest.tar.gz.sig
(HTTPS).
You may also use
a mirror (HTTPS)
for this as well. Once both files are downloaded you can check the
signature with gpg --verify gnutrition-[version].tar.gz.sig.
Documentation for GNUtrition is available online, as is documentation for most GNU software. For the Python 2 versions, you may want the old manual instead.
GNUtrition has the following public mailing lists:
Announcements about GNUtrition and most other GNU software are made on the info-gnu mailing list (archives). Security reports that should not be made immediately public can be sent directly to the maintainer. If there is no response to an urgent issue, you can escalate to the general security mailing list for advice.
GNUtrition is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.