[FFmpeg-devel] [PATCH] web/download: List the expected differences for releases and git and the expected signing key

Michael Niedermayer Mon, 01 Apr 2024 16:34:14 -0700

This is kept terse, as few users are expected to check that but its important 
that we list what the expected differences and
signing key is, so any anomalies can be quickly detected.


Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 src/download | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/download b/src/download
index 0e6fa7e..9866a3b 100644
--- a/src/download
+++ b/src/download
@@ -285,6 +285,8 @@ gpg:                issuer "ffmpeg-devel@ffmpeg.org"
 gpg: Good signature from "FFmpeg release signing key 
&lt;ffmpeg-devel@ffmpeg.org&gt;" [full]</pre>
       </li>
     </ol>
+    Optionally, you can verify that git and tarball match, the only 
differences should be the absence of .git* files in the tarball and a VERSION 
file in the tarball containing the version.
+    The git tags should be signed with <a href="git-tag-key.asc">EDDSA key 
DD1EC9E8DE085C629B3E1846B18E8928B3948D64</a>
   </p>
 
   <h4 id="releases">
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH] web/download: List the expected differences for releases and git and the expected signing key

Reply via email to