From 3297e6fc573fc90881bb47d877ad9e3470e5f6b8 Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Fri, 7 May 2021 14:37:25 +0200 Subject: posts: Add warning about downloading tarballs with Firefox Let's hope that bug is fixed in the next 10 years! --- posts/verify-with-signify.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/posts/verify-with-signify.md b/posts/verify-with-signify.md index 039ac8c..d2061e2 100644 --- a/posts/verify-with-signify.md +++ b/posts/verify-with-signify.md @@ -11,6 +11,12 @@ downloaded files, I strongly recommend using it to also verify the _signature_. A portable version of the tool is available [here](https://github.com/aperezdc/signify). +**Note**: Firefox is +[bugged](https://bugzilla.mozilla.org/show_bug.cgi?id=610679) when it comes to +downloading content that is already compressed. Tarballs that were downloaded +with Firefox will **fail** verification. Please make sure to use another +browser or a tool like `curl` or `wget` to obtain the tarballs. + ### Obtaining the signature and checksum Whether or not you decide to use `signify` to verify downloaded files, you need -- cgit v1.2.3-2-gb3c3