Question about checksum verification UX #3722
Unanswered
damonzwicker asked this question in Q&A
Replies: 0 comments
Quick question about the verification step in bat releases—
When downloading a binary, people run shasum/sha256sum and then compare hashes. That last step—comparing 64-character hashes by eye—is where things tend to break down (either skipped or done loosely).
I put together a minimal example that keeps the same checksum model but removes that comparison:
npx verafile verify file proof.json → VALID / INVALID
Example:
https://github.com/damonzwicker/verafile/tree/main/examples/open-source-release
Not about replacing signing—just turning verification into a clear result instead of a manual check.
Would simplifying that step increase how often people actually verify downloads?
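An added example, not part of the original post and not verafile's code: a shell function that keeps the plain SHA-256 manifest model described above and replaces the by-eye comparison with a single VALID / INVALID result. The function names, the exit codes and the use of a `sha256sum`-format manifest are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a download against a sha256sum-format manifest and
# report one word, so nobody has to compare 64-character hashes by eye.
# Function names and exit codes are assumptions, not from any project.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
# Reading from stdin avoids the escaped-filename output format of sha256sum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        shasum -a 256 < "$1" | awk '{print $1}'
    fi
}

# verify_release FILE MANIFEST
# Prints VALID (exit 0), INVALID (exit 1) or ERROR: ... (exit 2).
verify_release() {
    file=$1
    manifest=$2
    [ -r "$file" ] && [ -r "$manifest" ] || { echo "ERROR: unreadable input"; return 2; }
    name=$(basename "$file")

    # Manifest lines are "<hash>  <name>" (text) or "<hash> *<name>" (binary),
    # so the name starts two characters after the hash; spaces in it survive.
    expected=$(awk -v n="$name" \
        '{ f = substr($0, length($1) + 3); if (f == n) { print tolower($1); exit } }' \
        "$manifest")

    # A missing entry or a truncated hash is an error, never a pass.
    case $expected in
        "") echo "ERROR: no entry for $name"; return 2 ;;
    esac
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "ERROR: malformed hash for $name"; return 2; }

    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo VALID
    else
        echo INVALID
        return 1
    fi
}

# Stand-alone use: sh verify.sh FILE MANIFEST
if [ "$#" -eq 2 ]; then verify_release "$1" "$2"; fi
```

The result is only as trustworthy as the manifest: a checksum file fetched from the same place as the binary detects corruption, not substitution, which is why this complements signing rather than replacing it.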