Closed alikins closed 5 years ago
Partially implemented by https://github.com/ansible/mazer/pull/277
that was provided by the galaxy REST API.
Split the checksum and signature aspects of this feature request into this issue and #278
This is fixed by #277. Closing.
Feature Request
Use Case
Currently, there is no way to verify a downloaded ansible collection artifact is the artifact that was intended, or to verify it hasn't been corrupted or manipulated. There is a detached sha256sum of the artifact calculated and included on 'mazer publish', so that should be exposed in Galaxy API and used by mazer.