Open ghost opened 1 year ago
trapexit
commented
1 year ago If someone has access to an account such that they can upload arbitrary content then they can also change the hash file. So the only value is ensuring no corruption which statisticly it is more likely a build fails or is broken somehow than the data becomes corrupted. Especially given the packages are compressed.
I can add it but I see very little functional value.
ghost
commented
1 year ago If someone has access to an account such that they can upload arbitrary content then they can also change the hash file. So the only value is ensuring no corruption which statisticly it is more likely a build fails or is broken somehow than the data becomes corrupted. Especially given the packages are compressed.
I can add it but I see very little functional value.
The installation packages can be corrupted on the user's end during or after downloading.
Alright, please consider adding the checksum files if you can automate or otherwise trivialize the the process.
Is your feature request related to a problem? Please describe.
Checksums allow users to verify the integrity of their downloads — for most users (I presume), mergerfs is certainly an integral piece of software.
Fedora for instance still doesn't have mergerfs in their repository.
Describe the solution you'd like Generate plaintext files such as
SHA256SUM, etc., containing the checksum for every mergerfs release asset (see rescuezilla as an example).Describe alternatives you've considered
N/A