Tim Ruffing

> Hi! Please correct me if I'm wrong. As per my understanding, the `secp256k1_modinv32_modinfo_verify` function that I am going to create will check if the modulus is odd. This is...

@jonasnick Can you try setting the additional sanitizer env variables that we set in the CI config? https://github.com/bitcoin-core/secp256k1/blob/427e86b9edcaa5cb19e71233ad93c2ec60dff10f/.github/workflows/ci.yml#L444-L446 Those should probably be added to our output for reproduction... I'm just...

> I'm just in the process of getting a diff of the Debian package versions. I double and triple checked that I used the right input, but believe it or...

Hm, okay, and this is their fix (it's the same as our workaround): https://github.com/actions/runner-images/pull/9513/commits/7aba0ab8abda5860b693ed43d74241a652660356 I'd tend to keep the workaround in our code base. I think it's good to have...

> We could maybe expand a bit on the comment, and explain that this will be [resolved in future clang releases](https://github.com/google/sanitizers/issues/1614#issuecomment-2010316781). Let's keep this open until https://github.com/llvm/llvm-project/commit/58f7251820b14c93168726a24816d8a094599be5 is in a...

@thurstond Thanks for the explicit notification!

>it's quite hard to create an environment for reproducing it This should do the trick: - `sudo pacman -S qemu-common` - `sudo downgrade qemu-common -- --nodeps --nodeps` and downgrade to...

See https://github.com/llvm/llvm-project/issues/65144#issuecomment-3165843139 edit: Ah, it's not exactly the same assertion, but it's also specific to aarch64, so it may or may not be the same underlying reason.

> github tarball is simply and easy to refer to by tag. Tarballs and links are created automatically This is what we've done for 0.2.0 and 0.3.0. > Sign the...

> What about using of CMake's [CPack](https://cmake.org/cmake/help/latest/module/CPack.html) module I wasn't aware of that one. I think that's yet another option, but I don't think it's any better than `git archive`...