From 9d076d6a194ee9675a5bf585de1b2c2a634f3946 Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Thu, 7 May 2026 20:07:21 +0200 Subject: [PATCH] Prepare release --- Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index ec658989..37f3f2f1 100644 --- a/Changelog.md +++ b/Changelog.md @@ -42,7 +42,7 @@ Release artifacts include `rsg` signature files that can be validated against th rnid -i bc7291552be7a58f361522990465165c -V rns-1.2.4-py3-none-any.whl ``` -The `rnid` utility will then verify the signatures, and display whether it is valid. If not, the file has been tampered with and should not be trusted. +The `rnid` utility will then verify the signatures, and display whether it is valid. If the signature cannot be verified, the file has been tampered with and should be thrown very far away in a jiffy. This is the first release using the new `rsg` signature format, and you will need this latest version of RNS to verify them. Ironic, I know, but that's how it is. Since release file hashes are now embbeded in the `rsg` signatures, this is the last release that will explicitly post the raw release hashes. Verifying with `rnid` is much more effective, since it ensures all data was signed by the release identity.