All LightMyth files have an accompanying .sig file generated with the author's PGP key. The key ID is 0x7F98290D. You can use the signature files to ensure that the files you download are the original ones uploaded by the author and have not been tampered with in any way.

As an example, to verify the LightMyth 0.5 tar.gz download with GnuPG (www.gnupg.org), you would first need to import the author's public key:

    gpg --keyserver subkeys.pgp.net --recv-key 0x7F98290D

Then verify the file:

    gpg --verify lightmyth-0.5.tar.gz.sig lightmyth-0.5.tar.gz

If all is well, you should get something like the following:

    gpg: Signature made Sat 05 Mar 2005 00:28:29 GMT using DSA key ID 7F98290D
    gpg: Good signature from "David Johnson "

Else you'll get:

    gpg: Signature made Sat 05 Mar 2005 00:28:29 GMT using DSA key ID 7F98290D
    gpg: BAD signature from "David Johnson "

If GPG reports a bad signature, ensure you're using the correct .sig file for the file you've downloaded. If you are, please contact the author immediately using the form on the LightMyth website: http://lightmyth.david-web.co.uk/feedback.php
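
The check above as a script, added here as an example and not part of LightMyth's own files. It reads gpg's machine-readable --status-fd output and also confirms that the signing key's fingerprint ends in the key ID given above, because gpg prints "Good signature" for any key in your keyring. The function names are this example's own, and the fingerprints and the second signer in the sample lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: scripted form of the manual gpg check described above.
EXPECTED_KEYID="7F98290D"   # key ID stated on this page, without the 0x prefix

# Constructed status lines (fingerprints are placeholders, not the real key's).
SAMPLE_GOOD='[GNUPG:] GOODSIG 012345677F98290D David Johnson
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF7F98290D 2005-03-05 1109982509 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF7F98290D'
SAMPLE_BAD='[GNUPG:] BADSIG 012345677F98290D David Johnson'
SAMPLE_OTHER_KEY='[GNUPG:] GOODSIG FEDCBA9876543210 Someone Else
[GNUPG:] VALIDSIG 000000000000000000000000FEDCBA9876543210 2005-03-05 1109982509 0 3 0 17 2 00 000000000000000000000000FEDCBA9876543210'

# check_status KEYID: reads `gpg --status-fd` lines on stdin.
# Succeeds only if gpg reported GOODSIG, the VALIDSIG fingerprint ends in
# KEYID, and no BADSIG/ERRSIG/NO_PUBKEY line is present.
check_status() {
    want=$(printf '%s' "${1#0[xX]}" | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2          # refuse an empty key ID (would match anything)
    good=0; match=0
    while IFS=' ' read -r tag kw arg1 rest || [ -n "$tag" ]; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            BADSIG|ERRSIG|NO_PUBKEY) return 1 ;;
            GOODSIG) good=1 ;;
            VALIDSIG)                   # arg1 = fingerprint of the signing key
                case "$arg1" in *"$want") match=1 ;; esac ;;
        esac
    done
    [ "$good" -eq 1 ] && [ "$match" -eq 1 ]
}

# verify_download FILE: expects FILE.sig next to FILE, as on the download page.
verify_download() {
    gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null |
        check_status "$EXPECTED_KEYID"
}

# Run only when a file name is given, e.g.: sh verify.sh lightmyth-0.5.tar.gz
if [ "$#" -ge 1 ]; then
    if verify_download "$1"; then
        echo "OK: $1 is signed by key $EXPECTED_KEYID"
    else
        echo "FAILED: signature on $1 did not verify against key $EXPECTED_KEYID" >&2
        exit 1
    fi
fi
```

An 8-digit key ID identifies a key only loosely; if the author publishes the full fingerprint, put that in EXPECTED_KEYID instead.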