Note that kernel.org signs the raw tar file and not the compressed
file. This way, they avoid issues like that and also allow conversion
into different compression formats while the signature stays valid.
Downside is that you have to decompress it first and then hash quite a
big file for validatio
* FC Stegerman , 2023-02-19 21:08:
(There was a recent LWN article covering this, see
https://lwn.net/Articles/921787/.)
That seems to be subscribers-only :(
Here you go:
https://lwn.net/SubscriberLink/921787/ff1350f40f12fb8e/
--
Jakub Wilk
On 19.02.23 21:08, FC Stegerman wrote:
* Guillem Jover [2023-02-19 20:50]:
My upstream creates a tarball with git-archive, creates a signature and
uploads it (as described in the wiki[3]). This used to work to verify
the github-created tarball, but fails now - while creating my own
tarball lik
* Guillem Jover [2023-02-19 20:50]:
> > My upstream creates a tarball with git-archive, creates a signature and
> > uploads it (as described in the wiki[3]). This used to work to verify
> > the github-created tarball, but fails now - while creating my own
> > tarball like upstream and verifying i
Hi!
On Sun, 2023-02-19 at 18:34:56 +0100, Jens Reyer wrote:
> [This is a followup to the thread "Q: uscan with GitHub" at
> https://lists.debian.org/debian-devel/2022/10/msg00313.html. I manually set
> in-reply-to, but am not sure if it'll work.]
> My upstream creates a tarball with git-archive,
5 matches
Mail list logo
