If you're the cautious type, you may want to verify the packages you download. Starting with libcomprex v0.3.3, all RPM packages are signed with my GPG key, which you may download.

Before verifying a signature, you must download the public key above and import it into your RPM database using the following command (as root):

    rpm --import /path/to/chipx86-pubkey.asc
   

You may then check the authenticity of the packages by typing the following (again, as root):

    rpm -K package.rpm
   

If the package was verified, the result will look something like this:

    package.rpm: (sha1) dsa sha1 md5 gpg OK