You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@fluo.apache.org by GitBox <gi...@apache.org> on 2017/12/20 21:20:00 UTC

[GitHub] ctubbsii commented on issue #11: Verify checksums for files downloaded from Apache mirrors

ctubbsii commented on issue #11: Verify checksums for files downloaded from Apache mirrors
URL: https://github.com/apache/fluo-docker/issues/11#issuecomment-353185402
 
 
   I kind of like the hard-coded way best. We declare a specific version, so we should know what the expected checksum is for that particular version. This is what https://github.com/astralway/uno does, and it's a similar strategy to the W3C's subresource integrity checks for utilizing resources from CDNs: https://w3c.github.io/webappsec-subresource-integrity/

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services