You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's currently no way to make sure the installer available on a release is indeed the one built by the CI, and hasn't been swapped out in the meantime. The Docker builds already show hashes everywhere, so this only really needs to be added for the windows .MSI.
Calculating and printing the hashes in the build logs would make this information available to anyone who wants to check for themselves.
I guess this would be done the easiest in the windows build script? Or maybe through a spare action on the marketplace if one exists.
The text was updated successfully, but these errors were encountered:
Difegue
changed the title
Log hashes for the built windows installer in CI
Log SHA256 hash for the built windows installer in CI
Sep 22, 2020
Difegue
changed the title
Log SHA256 hash for the built windows installer in CI
Log SHA256 hash for released windows installers in CI
Sep 22, 2020
There's currently no way to make sure the installer available on a release is indeed the one built by the CI, and hasn't been swapped out in the meantime. The Docker builds already show hashes everywhere, so this only really needs to be added for the windows .MSI.
Calculating and printing the hashes in the build logs would make this information available to anyone who wants to check for themselves.
I guess this would be done the easiest in the windows build script? Or maybe through a spare action on the marketplace if one exists.
The text was updated successfully, but these errors were encountered: