Upstream Go provides .asc files, serving the same purpose as our .sig files:
https://golang.org/dl/go1.17.linux-amd64.tar.gz
https://golang.org/dl/go1.17.linux-amd64.tar.gz.asc
https://dotnetbuildoutput.blob.core.windows.net/golang/microsoft/main/20210818.1/go.20210818.1.linux-amd64.tar.gz.sig
They are both armored PGP signatures.
If I knew Go provided .asc files, I would have followed the naming, but they aren't advertised on the download page. I found out about them because the official golang Dockerfiles use the .asc files to verify the download.
Changing to .asc would also let us remove some tweaks I made to the golang Dockerfiles that make them use .sig when downloading our builds.
Upstream Go provides
.ascfiles, serving the same purpose as our.sigfiles:https://golang.org/dl/go1.17.linux-amd64.tar.gz
https://golang.org/dl/go1.17.linux-amd64.tar.gz.asc
https://dotnetbuildoutput.blob.core.windows.net/golang/microsoft/main/20210818.1/go.20210818.1.linux-amd64.tar.gz.sig
They are both armored PGP signatures.
If I knew Go provided
.ascfiles, I would have followed the naming, but they aren't advertised on the download page. I found out about them because the official golang Dockerfiles use the.ascfiles to verify the download.Changing to
.ascwould also let us remove some tweaks I made to the golang Dockerfiles that make them use.sigwhen downloading our builds.