FWIW Samba signed the tar file rather than the .tar.gz file because older versions of Internet Explorer would decompress on the fly, making it impossible for the user to verify the signature.
That is no longer as much of an issue as it was (if it even was common for IE users to download Samba and GPG verify signatures), so Samba is probably switching to signing tar.gz files in the near future. Cheers, Jelmer
signature.asc
Description: Digital signature
