Closed adam-enko closed 5 days ago
This feature request is in the backlog of the relevant team and is prioritized by them.
This issue is a good choice for first-time contributors to Gradle, it is actionable and ready for contribution.
See CONTRIBUTING.md for more information.
The message should be something like:
Visit https://gradle.org/release-checksums/ to verify the checksums of official distributions.If your build uses a custom distribution, see with its provider.
We should not remove any of the current information however. Hiding a value because someone could copy paste it does not feel like the right balance against having the value available to be reported to a security team.
@ljacomet @adam-enko This is my first contribution to gradle project, please help review it 🙇
Expected Behavior
When verification fails, Gradle prints the actual checksum, and instructions to a trusted source about how to get the expected checksum.
It is hard to copy/paste the actual checksum. It is clear how to actually verify that actual checksum is correct.
Current Behavior (optional)
When verification fails, Gradle prints the expected checksum.
It is easy to copy/paste the displayed checksum. It is not clear how to actually verify that actual checksum is correct.
Context
When verification fails, Gradle prints the expected checksum.
It is easy to copy/paste the displayed checksum. It is not clear how to actually verify that actual checksum is correct.