-
When omitting optional argument `checksums` error being throw: `Unsupported cryptographic algorithm`
https://github.com/jaredcat/WiFiList/actions/runs/10190739186/job/28191021725
-
Prefer checksums from cryptographic hash functions that have not yet been broken by collisions.
As soon as supported by bagit standard and implementations, we should go for [`sha3`](https://en.wik…
nuest updated
6 years ago
-
**What happened**:
I checked the Releases page. No signature of the checksum file was found and no link to a way of checking its integrity.
**What you expected to happen**:
I expected to see …
-
**Is your feature request related to a problem? Please describe.**
As a best practice for automated installations, releases downloaded from the internet really should be signed and verified using t…
-
Could you add code signing for the hash file, so that we can verify the download with a trust anchor ?
Thanks in advance
nipil updated
2 weeks ago
-
Triggered by . Thanks, @IMSoP!
`hash_hmac()` has a respective changelog entry:
https://github.com/php/doc-en/blob/feab22a6798fbb9137f9bbdb2b94ae0182cb950e/reference/hash/functions/hash-hmac.xml#…
cmb69 updated
2 months ago
-
At some point, we had advertised that MMIF would encode file checksums in the `Document` objects for checking data integrity. I want to bring it to the discussion, specifically related to these questi…
-
What this means in detail depends on the generator.
- For `debian`, nothing needs to be done since Debian packages are usually not signed. Debian, Ubuntu etc. just sign the repository metadata (which …
-
In SPEC files there is the Source0/SourceX directive to specify the sources. Example:
Source0: http://releases.nixos.org/patchelf/patchelf-%{version}//%{name}-%{version}.tar.bz2
cf. https://…
-
As an SCS operator, I want to have a complete list of software (SBOM) (along with sources and versions) that gets pulled into my SCS deployment.
## TODO:
- [x] Collect SW included in container ima…