Verification of CRS release signature

[studersi]

CRS releases come with an .asc file. The CRS releases could be verified like the other downloaded resources.

Example: https://github.com/coreruleset/coreruleset/releases/download/v3.3.0/coreruleset-3.3.0.tar.gz.asc

[studersi]

Suggestion:

wget https://github.com/coreruleset/coreruleset/archive/v3.3.0.tar.gz
wget https://github.com/coreruleset/coreruleset/releases/download/v3.3.0/coreruleset-3.3.0.tar.gz.asc
wget https://coreruleset.org/security.asc
gpg --import security.asc
gpg --trusted-key 38EEACA1AB8A6E72 --verify coreruleset-3.3.0.tar.gz.asc v3.3.0.tar.gz