The native-samples project is downloading the LLVM toolchain over HTTP without any integrity check. These either need an integrity check added before they are executed, or they should be downloaded over HTTPS.
I can’t open an issue against that repository because the issue tracker is closed down.
https://github.com/gradle/native-samples/blob/6fbae41974772123a847071d4fa6be861d316b00/cpp/provisionable-tool-chains/buildSrc/build.gradle#L107-L117
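
One way to implement the integrity check this report asks for, as an added example that is not part of the original post or of the native-samples build: pin a SHA-256 digest for the archive, refuse non-HTTPS URLs, and delete the file on mismatch so nothing later can unpack or run it. The function names, the `IntegrityError` type and the `example.invalid` URL are assumptions for illustration.

```python
import hashlib
import hmac
import os
import tempfile
from urllib.parse import urlparse


class IntegrityError(Exception):
    """Raised when a downloaded artifact must not be used."""


def require_https(url: str) -> str:
    """Reject any download URL that is not HTTPS."""
    if urlparse(url).scheme.lower() != "https":
        raise IntegrityError(f"refusing non-HTTPS download URL: {url}")
    return url


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large archives are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_or_delete(path: str, pinned_sha256: str) -> str:
    """Return path only if its digest matches the pin; otherwise delete it and fail."""
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, pinned_sha256.strip().lower()):
        os.remove(path)  # fail closed: nothing later can unpack or execute it
        raise IntegrityError(f"SHA-256 mismatch for {path}: got {actual}")
    return path


if __name__ == "__main__":
    # Constructed sample: a temp file stands in for the downloaded toolchain archive.
    payload = b"constructed stand-in for a toolchain archive"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(payload)
    pin = hashlib.sha256(payload).hexdigest()  # in practice, committed next to the URL
    require_https("https://downloads.example.invalid/toolchain.tar.xz")  # assumed URL
    print("verified:", verify_or_delete(tmp.name, pin))
    os.remove(tmp.name)
```

The pinned digest has to come from a trusted source and live in version control beside the download URL; a checksum fetched over the same HTTP connection as the archive adds no protection.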