PreVue icon indicating copy to clipboard operation
PreVue copied to clipboard
verified publisher icon open-source-labs

Release via GitHub with SHA

Open raphaklaus opened this issue 7 years ago • 2 comments

Downloading it via a static AWS link kind of sucks and is not secure. :\

raphaklaus avatar Mar 29 '19 12:03 raphaklaus

Hey Raphael,

Thanks for the feedback! The download link is a secure connection so we're not sure what you're referring to exactly? Can you provide us with more specific details?

Thanks, Annette

al2613 avatar Mar 30 '19 02:03 al2613

No, no. I mean, there is no way to ensure the build from AWS is from this source code. You should provide the SHA signature along with the build link from the build system used (Circle, Jenkins, etc).

Search for best security practices using SHA algorithm in open source projects.

raphaklaus avatar Mar 30 '19 16:03 raphaklaus