chocolatey / package-validator

Windows service to validate packages conform to package standards
Apache License 2.0
31 stars 29 forks source link

[Required] Use of checksum #143

Open gep13 opened 8 years ago

gep13 commented 8 years ago

In all packages.

ferventcoder commented 8 years ago

Any package that downloads remote resources - we may be able to be verify out of band downloading as well and add notes to check for checksum validation.

AdmiringWorm commented 7 years ago

I'm thinking it should also check if the checksum is mentioned in the VERIFICATION.txt file. Thoughts?

ferventcoder commented 7 years ago

@AdmiringWorm not really - vendors can simply say this is their tool and not provide a checksum