Closed mxr closed 5 months ago
I'm not entirely sure about the general applicability in the context of tool downloaded jars. I'm wondering if it would be easier to run the sha check based on the values provided within the github release (assuming that they are present).
Still no strong objections on having such feature and eventually expanding from there.
Feel free to open a PR to support it
The GitHub release doesn't always have the SHA. I can work on a PR. Thanks!
Various hooks download jars if they aren't present. Would you consider adding the option to specify a file checksum in addition to a version, to ensure the integrity of downloaded jars? Then after the file is downloaded, the actual checksum would be compared to the one provided in the hook config
The hook config would look something like: