Note that kernel.org signs the raw tar file and not the compressed
file. This way, they avoid issues like that and also allow conversion
into different compression formats while the signature stays valid.
Downside is that you have to decompress it first and then hash quite a
big file for
* FC Stegerman , 2023-02-19 21:08:
(There was a recent LWN article covering this, see
https://lwn.net/Articles/921787/.)
That seems to be subscribers-only :(
Here you go:
https://lwn.net/SubscriberLink/921787/ff1350f40f12fb8e/
--
Jakub Wilk
On 19.02.23 21:08, FC Stegerman wrote:
* Guillem Jover [2023-02-19 20:50]:
My upstream creates a tarball with git-archive, creates a signature and
uploads it (as described in the wiki[3]). This used to work to verify
the github-created tarball, but fails now - while creating my own
tarball
* Guillem Jover [2023-02-19 20:50]:
> > My upstream creates a tarball with git-archive, creates a signature and
> > uploads it (as described in the wiki[3]). This used to work to verify
> > the github-created tarball, but fails now - while creating my own
> > tarball like upstream and verifying
Hi!
On Sun, 2023-02-19 at 18:34:56 +0100, Jens Reyer wrote:
> [This is a followup to the thread "Q: uscan with GitHub" at
> https://lists.debian.org/debian-devel/2022/10/msg00313.html. I manually set
> in-reply-to, but am not sure if it'll work.]
> My upstream creates a tarball with git-archive,
[This is a followup to the thread "Q: uscan with GitHub" at
https://lists.debian.org/debian-devel/2022/10/msg00313.html. I manually
set in-reply-to, but am not sure if it'll work.]
> On Tue, Oct 11, 2022 at 10:23 AM Stephan Lachnit
wrote:
>> On Sun, Oct 9, 2022 at 7:06 PM Volans wrote:
6 matches
Mail list logo
