At https://www.kernel.org/pub/software/scm/git/ , there are tar files (both .xz and .gz compressed), and "sign" files. I assume the "sign" file is a signature used to verify the tar file. The documentation does mention that there are signature files that can be used to verify the installation, but it doesn't say how to do that.
-- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.