luca vogt

Results 2 comments of luca vogt

Enforce SHA-256 for all external downloads

## Summary Introduces //tools:download.bzl with secure_download() macro. Build fails if SHA-256 missing/wrong – mitigates supply-chain RCE reported in Google VRP issue 462506853. ## Testing bazel test //... passes; intentional hash...

Enforce SHA-256 for all external downloads

CLA already signed – see https://cla.developers.google.com/clas/signed (Luca Vogt)