alsa-project/alsa-utils issue #258 was opened from egtvedt:
Hello, downloading alsa-utils-1.2.11.tar.bz2 from https://www.alsa-project.org/wiki/Download gives me a file with sha512sum 5ce76807b53357584bfb4ace5acfdac4db9168ffaf5cdd1e499738eec046c36112bf84a99970f66368063a9baf73bad93af2d439630572f3eba5c9321071172d
However, validating this archive against the GPG signing key with fingerprint F04D F507 37AC 1A88 4C4B 3D71 8380 596D A6E5 9C91 does not result in success. Signature file also downloaded from https://www.alsa-project.org/wiki/Download
Doing the above steps for alsa-lib-1.2.11.tar.bz2 archive is successful.
I looked at the diff between alsa-utils-1.2.11.tar.bz2 and git tag, and couldn't spot anything suspicious.
Could a maintainer please verify alsa-utils is properly signed, if not, refresh the signature file to match released binary?
Issue URL : https://github.com/alsa-project/alsa-utils/issues/258 Repository URL: https://github.com/alsa-project/alsa-utils