-
-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Checksums / hashes (SHA256, etc.) for release assets #1167
Comments
If someone has access to an account such that they can upload arbitrary content then they can also change the hash file. So the only value is ensuring no corruption which statisticly it is more likely a build fails or is broken somehow than the data becomes corrupted. Especially given the packages are compressed. I can add it but I see very little functional value. |
The installation packages can be corrupted on the user's end during or after downloading. Alright, please consider adding the checksum files if you can automate or otherwise trivialize the the process. |
Is your feature request related to a problem? Please describe.
Checksums allow users to verify the integrity of their downloads — for most users (I presume), mergerfs is certainly an integral piece of software.
Fedora for instance still doesn't have mergerfs in their repository.
Describe the solution you'd like
Generate plaintext files such as
SHA256SUM
, etc., containing the checksum for every mergerfs release asset (see rescuezilla as an example).Describe alternatives you've considered
N/A
The text was updated successfully, but these errors were encountered: