Hi there, as discussed this afternoon on IRC with Ben, I'd took a look at PGP-checking the tags when using genorig.py for extracing the kernel sources.
I'm unsure how people (and especially Ben) do it nowadays, but for linux-grsec I mostly use genorig.py with git, and usually checks the tag signature before running genorig. I thought it might be a good idea to enforce this verification as part of the script, and fail if the signature fails. I've setup a branch in my own repository [1] if someone wants to take a look (I guess I can also resend with git send-email or something). [1] https://anonscm.debian.org/cgit/collab-maint/linux-grsec.git/log/?h=gpg-ta g-check Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part