Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support tag and commit ID verification. #35

Open
josh-padnick opened this issue Feb 23, 2018 · 0 comments
Open

Support tag and commit ID verification. #35

josh-padnick opened this issue Feb 23, 2018 · 0 comments
Labels
enhancement New feature or request

Comments

@josh-padnick
Copy link
Contributor

In #34, we added the ability to validate a release asset by its checksum. But what to do about files downloaded straight from the repo? It seems the best we can do here is to validate the commit itself versus individual files, so one possibility is that fetch could be updated so that you can pass in both --tag and --commit-id and if the two don't match, fetch will fail. This will inoculate users against git tags whose associated git commit has been changed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brikis98 @infraredgirl @josh-padnick