On Thursday, June 22, 2017 at 8:49:30 AM UTC-7, Tamar wrote: > > The .sign files are PGP files. I suspect you can verify the signature like > this (didn't check): > > *gpg --verify doc.sig doc* > > I managed to resolve this. This "gpg" command doesn't work, because I don't have the public key, but I did notice the "sha256sums.asc" file in the same directory, and I used "sha256sum" to generate the sum to compare with.
> See https://www.gnupg.org/gph/en/manual/x135.html for a complete story on > how to use signatures and how to verify them. > > On Thursday, June 22, 2017 at 5:43:32 PM UTC+2, David Karr wrote: >> >> At https://www.kernel.org/pub/software/scm/git/ , there are tar files >> (both .xz and .gz compressed), and "sign" files. I assume the "sign" file >> is a signature used to verify the tar file. The documentation does mention >> that there are signature files that can be used to verify the installation, >> but it doesn't say how to do that. >> > -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
