[PATCH] build: sign tarball instead of sha256sum

[David Bremner]

David Bremner <david at tethera.net> writes:

> Adam Majer pointed out in [1] the way were signing releases was
> unusual. Neither Carl nor I could think of a good reason for
> explicitely signing the checksum (internally of course that's what GPG
> is going anyway).

It seemed unlikely that there would be much testing for this (but feel
free!), so I have pushed it. I can fix any glitches during the next
release.

d