auth-tarball-from-git: verifying signed git tags without sha256sums=(SKIP)

29 May 2022

      ohai!

I blogged about a new tool that can be used to verify a tarball from a 
signed git tag, while still pinning the sourcecode with >= sha256sum:

https://vulns.xyz/2022/05/auth-tarball-from-git/

Let me know what you think - that's all,
kpcyrd