Description
Verifies a source tarball against a signed Git tag as part of reproducible build workflows. It helps package builders connect release archives to trusted version-control signatures.
Use it when packaging software that publishes signed Git tags and tarballs. Signature verification only helps when the signing keys and release process are trusted.