ObjFW is developed in a Fossil repository, with automatic incremental exports to Git. This means you can either clone the Fossil repository or the Git repository - it does not make a huge difference. The main advantage of cloning the Fossil repository over cloning the Git repository is that you also get all the tickets, wiki pages, etc.

Fossil

Clone the Fossil repository like this:

fossil clone https://objfw.nil.im

You can then use Fossil's web interface to browse the timeline, tickets, wiki pages, etc.:

cd objfw
fossil ui

In order to verify the signature of the currently checked out checkin, you can use:

fossil artifact current | gpg --verify

Checkins are not signed with the same key as releases, but the key for checkins is included in the releases, so you can get it from there.

Please note that not all checkins are signed, as the signing key only resides on trusted systems. This means that checkins I perform on e.g. Windows are unsigned. However, usually it should not take long until there is another signed checkin. Alternatively, you can go back until the last signed checkin and review changes from there on.

Git

To clone the Git repository, use the following:

git clone https://github.com/ObjFW/ObjFW

Git commits are not signed, so if you want to check the signature of an individual commit, branch head or tag, please use Fossil.