The .sign files are PGP files. I suspect you can verify the signature like this (didn't check):
*gpg --verify doc.sig doc* See https://www.gnupg.org/gph/en/manual/x135.html for a complete story on how to use signatures and how to verify them. On Thursday, June 22, 2017 at 5:43:32 PM UTC+2, David Karr wrote: > > At https://www.kernel.org/pub/software/scm/git/ , there are tar files > (both .xz and .gz compressed), and "sign" files. I assume the "sign" file > is a signature used to verify the tar file. The documentation does mention > that there are signature files that can be used to verify the installation, > but it doesn't say how to do that. > -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
