Thu, 4 Apr 2024 11:53:45 +0200 Michael Pujos <pujos.michael@gmail.com>:Are these already checked to verify the .obscpio is legit ?It should have been rejected right away be the bot. A tag has no meaning, a tag can refer to anything. Only the full 40 char git hash is hard to fake.
Olaf