Locally reproducible release source archives
### Problem to solve

As maintainer of a project, I want to upload signatures to the source archives created by GitLab for a release. For this, the commands/algorithms used to create the archives by GitLab must be locally reproducible.

### Further details

I don't think it's smart to blindly download the generated archives and upload signatures for them, since that wouldn't protect against servers that have been compromised.

### Proposal

Provide documentation for tar/zip command flags that will allow maintainers to reproduce the source archives locally.
issue
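
The check the issue asks to be able to perform, as an added example (not GitLab's documented procedure and not code from the issue): rebuild the archive from a trusted local clone and sign the served file only if the two are byte-identical. It assumes the server's `.tar.gz` is gzip-compressed `git archive` tar output under a `<prefix>/` directory; the function name, the prefix value and the file paths are hypothetical.

```shell
#!/bin/sh
# Added example: compare a downloaded release archive with a local rebuild
# before signing it. Assumption: the served .tar.gz wraps plain
# `git archive --format=tar --prefix=<prefix>/ <ref>` output.

# verify_before_signing REPO REF PREFIX DOWNLOADED_TAR_GZ
# Exit status: 0 = identical, 1 = contents differ, 2 = could not compare.
verify_before_signing() (
  repo=$1 ref=$2 prefix=$3 downloaded=$4

  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT

  # Rebuild from the local clone. For a commit or tag, git uses the commit
  # time as the mtime of every entry, so repeated runs give the same bytes.
  git -C "$repo" archive --format=tar --prefix="$prefix/" \
      -o "$tmp/local.tar" "$ref" || exit 2

  # Compare the inner tar streams, not the .gz files: gzip output depends on
  # the implementation and compression level, the tar stream does not.
  gzip -dc < "$downloaded" > "$tmp/served.tar" || exit 2

  if cmp -s "$tmp/local.tar" "$tmp/served.tar"; then
    echo "match: $downloaded equals the local build of $ref"
  else
    echo "MISMATCH: do not sign $downloaded" >&2
    exit 1
  fi
)

# Typical use (paths are placeholders):
#   verify_before_signing ./myproject v1.0 myproject-v1.0 ./myproject-v1.0.tar.gz \
#     && gpg --armor --detach-sign ./myproject-v1.0.tar.gz
```

A mismatch can also come from a different prefix, git version or `tar.umask` setting on the server, which is why the exact server-side invocation needs to be documented.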