[FFmpeg-devel] [PATCH] web/download: List the expected differences for releases and git and the expected signing key
Michael Niedermayer
michael at niedermayer.cc
Tue Apr 2 02:33:56 EEST 2024
This is kept terse, as few users are expected to check that but its important that we list what the expected differences and
signing key is, so any anomalies can be quickly detected.
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
src/download | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/download b/src/download
index 0e6fa7e..9866a3b 100644
--- a/src/download
+++ b/src/download
@@ -285,6 +285,8 @@ gpg: issuer "ffmpeg-devel at ffmpeg.org"
gpg: Good signature from "FFmpeg release signing key <ffmpeg-devel at ffmpeg.org>" [full]</pre>
</li>
</ol>
+ Optionally, you can verify that git and tarball match, the only differences should be the absence of .git* files in the tarball and a VERSION file in the tarball containing the version.
+ The git tags should be signed with <a href="git-tag-key.asc">EDDSA key DD1EC9E8DE085C629B3E1846B18E8928B3948D64</a>
</p>
<h4 id="releases">
--
2.17.1
More information about the ffmpeg-devel
mailing list