This repository has been archived by the owner on Jul 4, 2023. It is now read-only.
External patches should have checksums #22524
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
While this initially sounds like Issue #15631 I think there's a case saying that there should be basic checks against corrupt (accidental or otherwise) external patches.
An example of this could be a linked patch that is on a publicly modifiable webpage. It seems reasonable to assert the patch is likely in the same state as when the formula was accepted...
An extension of this could be a --insecure option that when used once no longer requires patch checksums / allows usage of resources that can't be checksumed thus preserving a degree of backwards compatibility.
The text was updated successfully, but these errors were encountered: