Verify tarball checksum from Appstore when downloading app release #48505
Labels
1. to develop
Accepted and waiting to be taken care of
enhancement
feature: apps management
security
How to use GitHub
Is your feature request related to a problem? Please describe.
Releases are not stored on the Appstore but on 3rd party services. In case of security issues an attacker might replace the release tarball.
Describe the solution you'd like
When downloading a release on the server the checksum from the Appstore should be used to verify the release.
Appstore counter-part: nextcloud/appstore#1499
The text was updated successfully, but these errors were encountered: