The XZ tarballs for the following kernel releases did not initially pass signature verification due to benign changes to the tarball structure done by the pixz compression tool: 4.11.1 4.10.16 4.9.28 4.4.68 These changes would have resulted in GPG returning "Bad Signature …
