auth-tarball-from-git: verifying tarballs with signed git tags using reproducible builds

kpcyrd kpcyrd at
Tue May 31 09:39:51 UTC 2022


I blogged about a new tool[1] that can be used to verify a tarball from 
a signed git tag, while still pinning the sourcecode with >= sha256sum:

Let me know what you think - that's all,


More information about the rb-general mailing list