You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 16, 2018. It is now read-only.
It'd be nice if you published and checked checksums for the .tar.gz
Upon thinking about this further, I feel like I am missing the purpose of this. The file is being downloaded via https, what is the value in using a checksum in this scenario?
@MichaelSimons I agree that it's probably not that important, but it is a convention on the UNIX side (check out some of the Linux Dockerfiles).
The check makes sure that the download is not corrupted. But notably, the government can still MITM you because they can serve both the download artifact and an md5 hash that matches.
Dockerfile should do a checksum verification on the CLI files downloaded.
The text was updated successfully, but these errors were encountered: