Closed xaltsc closed 2 years ago
Interesting. A checksum for each file?
Yup, or at least the tar.gz
files as they're most used on Linux and I doubt Windows users have a use for it. Homebrew (if that still exists) may use tar.gz
files as well.
See the PR I'm trying to get merged https://github.com/void-linux/void-packages/pull/34515
Ok, thanks! The tar files are created automatically by the github CI workflow, so it’s a pity if a checksum can’t be added automatically in github. I’ll try to find out more.
@simeonschaub Hi! - you kindly added the CI release workflow here, but can you see any way to add checksums? I wondered whether the commit SHA would be useful...
Hey,
Not really an issue, rather a suggestion, but in order to package the font font some package managers, it is often required to provide a checksum to match against in order to ascertain that the file dowloaded is indeed the right one.
While this isn't very hard to compute from the packager side, it's evidently better if the creator itself could provide it, for security purposes.
GitHub itself sadly doesn't seem to provide an automatic way to do this, but a simple
sha256sum
should sufice, this is used by both arch and void.