spring-projects-experimental / spring-boot-thin-launcher

Tools for building "thin" executable jars, with a focus on, but not exclusively for, Spring Boot
https://github.com/dsyer/spring-boot-thin-launcher
Apache License 2.0

Ability to verify checksum (immutable approach) #27

Open slavashvets opened 6 years ago

slavashvets commented 6 years ago

As a build engineer, I want to prove the authenticity of artifacts by SHA1 (for the computed list, without transitive dependencies), so that I can give a guarantee to a release manager that the deployment binaries were not changed between the stage and production environments.

dsyer commented 6 years ago

Why "without transitive dependencies"? Don't you need to verify all dependencies?