Note that kernel.org signs the raw tar file and not the compressed file. This way, they avoid issues like that and also allow conversion into different compression formats while the signature stays valid. Downside is that you have to decompress it first and then hash quite a big file for validation. Regards
Attachment:
signature.asc
Description: This is a digitally signed message part