Closed Firesphere closed 6 years ago
hmm - the sha needs to be updated whenever a new build is published (which is done automatically via travis) so this needs to be part of the phar build process
I'm closing this as stale - we can now push users to install via composer rather than via bash
The installer is blindly trusting the SSPAK to be the real deal. verifying the SHA against the known value of what it should be is safer.