Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use checksums to verify integrity of the downloads #7

Open
Pauan opened this issue Mar 13, 2020 · 0 comments
Open

Use checksums to verify integrity of the downloads #7

Pauan opened this issue Mar 13, 2020 · 0 comments
Labels
enhancement New feature or request status - PR Welcome This issue is well-defined and community PRs are welcome

Comments

@Pauan
Copy link

Pauan commented Mar 13, 2020

On Discord somebody mentioned that they won't use wasm-pack because it is insecure, because it is downloading a foreign URL without using a checksum to verify the integrity.

I agree with them, I think for security it's important to verify checksums on all downloaded binaries.

So first this will have to be added to binary-install, and then wasm-pack can be changed to use the checksums.
@EverlastingBugstopper EverlastingBugstopper added enhancement New feature or request status - PR Welcome This issue is well-defined and community PRs are welcome labels Mar 19, 2020
EverlastingBugstopper pushed a commit that referenced this issue May 1, 2020
@drager
Merge pull request #7 from EverlastingBugstopper/avery/version-versio…
2e94979 
…n-version-version-version-version

Add ability to output version numbers in cache download directory
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request status - PR Welcome This issue is well-defined and community PRs are welcome
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Pauan @EverlastingBugstopper