Hendursaga
Hendursaga
### Provide environment information ```bash N/A ``` ### To Reproduce N/A ### Describe the Bug Since `0.10.1`, Zig releases have been cryptographically signed using https://jedisct1.github.io/minisign/ which I believe is compatible...
### Provide environment information ```bash N/A ``` ### To Reproduce N/A ### Describe the Bug Since `0.10.1`, Zig releases have been cryptographically signed using https://jedisct1.github.io/minisign/ which I believe is compatible...
It would be nice to pin the DarkReader package to a specific version, hard-code the SHA-512 hash, then subsequently verify the download. Then we'll have greater reproducibility and security.
I really don't see how sustainable downloading a huge bundle of dependencies from an external repository and then running a handwritten bash/PowerShell script to compile and package everything is going...