silverstripe / sspak

Tool for managing bundles of db/assets from Silverstripe environments
http://silverstripe.github.io/sspak/
BSD 3-Clause "New" or "Revised" License

Validate the SHA256 of the SSPAK file #60

Closed Firesphere closed 6 years ago

Firesphere commented 6 years ago

The installer is blindly trusting the SSPAK to be the real deal. Verifying the SHA against the known value of what it should be is safer.

dhensby commented 6 years ago

Hmm - the SHA needs to be updated whenever a new build is published (which is done automatically via Travis), so this needs to be part of the phar build process.

dhensby commented 6 years ago

I'm closing this as stale - we can now push users to install via composer rather than via bash.
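The two halves discussed in this thread, a build step that emits the digest and an installer that refuses to install on a mismatch, sketched as an added example that is not part of the issue or of sspak's own code. The function names, the `.sha256` sidecar file and the paths are assumptions.

```shell
# Added example: all function names and file names here are hypothetical.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool available" >&2
        return 2
    fi
}

# Build side: run right after the phar is built, so every published
# build gets a matching digest without a manual update.
publish_checksum() {
    artifact=$1
    digest=$(sha256_of "$artifact") || return 2
    printf '%s  %s\n' "$digest" "$(basename "$artifact")" > "$artifact.sha256"
}

# Installer side: install only if the download matches the expected digest.
verify_and_install() {
    downloaded=$1; expected=$2; dest=$3
    # Fail closed on an empty, truncated or non-hex expected value.
    case $expected in
        ''|*[!0-9a-fA-F]*) expected='' ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected digest is not a 64-character hex string" >&2
        return 1
    fi
    actual=$(sha256_of "$downloaded") || return 2
    if [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "SHA-256 mismatch: got $actual" >&2
        rm -f "$downloaded"   # do not leave the unverified file behind
        return 1
    fi
    cp "$downloaded" "$dest" && chmod 0755 "$dest"
}
```

The check only adds protection when the expected digest reaches the installer through a channel other than the download itself, for example pinned in the installer or taken from a signed release record.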