-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Feature request: Publish integrity checksum for the binaries. #2930
Comments
Could you please link to some related documentation on how?
…On Wed, 3 Jun 2020, 10:59 pm Borys Ponomarenko, ***@***.***> wrote:
We do have a custom logic to download node-sass binaries with the help of
SASS_BINARY_SITE environment variable, however there is not way to
validate integrity of the binaries from GitHub releases page.
It would be really useful if you would publish integrity checksums along
the binaries.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2930>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAENSWBLFTV2LLRJDGNDCGDRUZCJ3ANCNFSM4NRUSPVA>
.
|
It can be similar to what npm does. Any generated The exact implementation for the file hash generation will depend on the platform and language, but here is an example on how to do that from command line on linux: https://linux.die.net/man/1/sha512sum Having a single table with the binary name and binary integrity hash, published in multiple channels (not only GitHub releases) would be helpful. |
Here is another example on how Node.js publishes their binaries: https://nodejs.org/download/release/latest-v14.x/ |
We do have a custom logic to download
node-sass
binaries with the help ofSASS_BINARY_SITE
environment variable, however there is not way to validate integrity of the binaries from GitHub releases page.It would be really useful if you would publish integrity checksums along the binaries.
The text was updated successfully, but these errors were encountered: