Release asset sha256 sums seem a bit pointless #265

Closed
kke opened this issue Nov 1, 2021 · 0 comments · Fixed by #266
Labels
chore Housekeeping / typo / code quality improvements

Comments

Contributor

kke commented Nov 1, 2021

  • An intruder with access to the repository would replace the sha256 files as well.
  • They could then just push code, tag it and a release would appear automatically with sha256 files.
  • Download errors should be reported by the download tool.
  • If the user does not trust GitHub, hosting the sha256 files on GitHub adds nothing.

kke added the chore (Housekeeping / typo / code quality improvements) label Nov 1, 2021
kke closed this as completed in #266 Nov 3, 2021