Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checksums / hashes (SHA256, etc.) for release assets #1167

Open
ghost opened this issue Apr 2, 2023 · 2 comments
Open

Checksums / hashes (SHA256, etc.) for release assets #1167

ghost opened this issue Apr 2, 2023 · 2 comments

Comments

@ghost
Copy link

ghost commented Apr 2, 2023

Is your feature request related to a problem? Please describe.

Checksums allow users to verify the integrity of their downloads — for most users (I presume), mergerfs is certainly an integral piece of software.

Fedora for instance still doesn't have mergerfs in their repository.

Describe the solution you'd like
Generate plaintext files such as SHA256SUM, etc., containing the checksum for every mergerfs release asset (see rescuezilla as an example).

Describe alternatives you've considered

N/A

@trapexit
Copy link
Owner

trapexit commented Apr 2, 2023

If someone has access to an account such that they can upload arbitrary content then they can also change the hash file. So the only value is ensuring no corruption which statisticly it is more likely a build fails or is broken somehow than the data becomes corrupted. Especially given the packages are compressed.

I can add it but I see very little functional value.

@ghost
Copy link
Author

ghost commented Apr 2, 2023

If someone has access to an account such that they can upload arbitrary content then they can also change the hash file. So the only value is ensuring no corruption which statisticly it is more likely a build fails or is broken somehow than the data becomes corrupted. Especially given the packages are compressed.

I can add it but I see very little functional value.

The installation packages can be corrupted on the user's end during or after downloading.

Alright, please consider adding the checksum files if you can automate or otherwise trivialize the the process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant