Comment by api
7 years ago
Putting malicious code before the signature doesn't work because gpg chops it out. It only outputs the verified part.
It is definitely a kludge though.
7 years ago
Putting malicious code before the signature doesn't work because gpg chops it out. It only outputs the verified part.
It is definitely a kludge though.
So the shebang is redundant, except for testing during development? [ed: and for allowing the daring to just do curl|bash, I guess]
It's not strictly necessary, no.