Change #271228
| Category | curl |
| Changed by | Daniel Stenberg <daniel@haxx.se> |
| Changed at | Mon 15 Jun 2026 22:35:33 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | 7f57aeec40926dce22d997cf05810fb9c9c721d3 |
Comments
verify-release: don't unpack in git repo - Clarify that the tarball to verify should be put in the same dir you run the script. - Verify that the curl version number in the file name matches the version number within the tarball. To reduce risk for mistakes. - When verifying using git, do not unpack the tarball. It avoids the security risk with malicious tarball contents playing tricks on git. - Only unpack the tarball for git-less verfication. - Move the source tarball into _tarballs/ instead of overwriting it, which can be useful in case the verification fails Closes #22032
Changed files
- scripts/verify-release