As a build engineer,
I want to prove authenticity of artifacts by SHA1 (for computed list, without transitive dependencies),
so that I can give a guarantee to a release manager that the deployment binaries was not changed between stage and production environment.
As a build engineer, I want to prove authenticity of artifacts by SHA1 (for computed list, without transitive dependencies), so that I can give a guarantee to a release manager that the deployment binaries was not changed between stage and production environment.