missing code verification with GPG signatures or published checksums

gruntwork-io / fetch

Download files, folders, and release assets from a specific git commit, branch, or tag of public and private GitHub repos.

https://www.gruntwork.io/

MIT License

589 stars 90 forks source link

Closed MaxPeal closed 3 years ago

MaxPeal commented 4 years ago

its Best Practices to have code verification with GPG signatures or checksums https://github.com/docker-library/official-images#security

can you add it to fetch please?

brikis98 commented 4 years ago

I believe this is already supported for assets. See --release-asset-checksum in the docs.

brikis98 commented 3 years ago

Closing due to lack of activity.