auth-tarball-from-git: verifying tarballs with signed git tags using reproducible builds

kpcyrd kpcyrd at rxv.cc
Tue May 31 09:39:51 UTC 2022


ohai!

I blogged about a new tool[1] that can be used to verify a tarball from
a signed git tag, while still pinning the source code with >= sha256sum:

https://vulns.xyz/2022/05/auth-tarball-from-git/

Let me know what you think - that's all,
kpcyrd

[1]: https://github.com/kpcyrd/auth-tarball-from-git

