On Tue 2019-03-19 07:08:18 -0300, David Bremner wrote:
> To quote id:87ftrpgjdb.fsf@fifthhorseman.net
>
> if the thing verified is the output of sha256sum, then the
> *filename* of the tarball itself is included, then the standard
> verification step will is sufficient to ensure that you've got the right
> version in the filename.
>
> This is in addition to the detached signature on the tarball
I think the 3-part series i published starting at
id:20190323123544.6264-1-dkg@fifthhorseman.net supercedes this patch.
thanks for maintaining our release processes, David!
--dkg