tersec
commented
4 months ago Does using a commit hash not work for this purpose?
Open ehmry opened 9 months ago
tersec
commented
4 months ago Does using a commit hash not work for this purpose?
Package versions need to be tagged in git. Fetching the repository, bisecting the history, and parsing the Nimble file is not practical.
Nimcrypto is not trustworthy without versions that can be reproducibly locked to git revisions.
Related #24