Comment 22 for bug 1921536

Canonical has provided a signature for an exact set of bytes in the .ko file. The packaging needs to relink the object files into that exact set of bytes on the target system for the signature to match. The relinking is required for license compliance AIUI. binutils does the linking. If you use a different version of binutils, it may generate a different set of bytes that fails the signature check.

Can you elaborate on what you think Ubuntu should be doing differently?