Downloaded binaries should be hashed/verified. #34
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
To help ensure software supply chain security, this file needs to be hashed (SHA-2 256 or better) and verified against a copy of the hash that we store in this repository. Another option is to have the nix package manager install it, or have the user install it manually.
Originally posted by @stephen-fox in #33 (comment)
The text was updated successfully, but these errors were encountered: