Installing from source, how to verify download

I’d like to install Bisq from source on Linux. How do I verify that the source code I’ve downloaded is has not been tampered? I see the Verification steps provided at, but those instructions assume that you’ve downloaded a binary package, not source code.


I think it should be possible to verify the commits as signed by the contributors as claimed, if you checkout the git repo. Don’t know how to do it and perhaps it would be good to release the source signed as well.

I agree that source tarballs should be signed also