[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems verifying signed github releases (Re: Q: uscan with GitHub)

Note that kernel.org signs the raw tar file and not the compressed
file. This way, they avoid issues like that and also allow conversion
into different compression formats while the signature stays valid.

Downside is that you have to decompress it first and then hash quite a
big file for validation.


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: