Change #271171
| Category | None |
| Changed by | Daniel Stenberg <daniel@haxx.se> |
| Changed at | Mon 15 Jun 2026 17:13:45 |
| Repository | https://api.github.com/repos/curl/curl |
| Project | curl/curl |
| Branch | bagder/verify-better |
| Revision | 4a94ddde24bd61265baaf9e3c5d4cbdab41bf413 |
Comments
verify-release: don't unpack in git repo - Verify that the curl version number in the file name matches the version number within the tarball. To reduce risk for mistakes. - When verifying using git, do not extract the tarball at all. It avoids the security risk with malicious contents. - Unpack the tarball for non-git verfication. - Move the source tarball into _tarballs/ instead of overwriting it, which can be useful in case the verification fails
Changed files
- scripts/verify-release