The archive at commit aa51c69fdfae8872665ca422b0409b56b9e29ad9 is 191Mb and has this sha256 hash: 150e8689466716ba89823e96cc109fc8b5d80424a50735cce3734f112d80f7d0
I know what you mean. I have a project where I place the hash in a file called SHASUM then I have a detached GPG signature of the SHASUM file in SHASUM.sig. Both must be updated when the file is changed.
This way, your project won't harm a user if the repo is hacked. They'll know the repo has been altered without your signature.
Great idea, I'll do this too
Will do, although it will change each time I update the repository so maybe I should do regular timestamped batches with hashes instead of on the main repo itself..
Will add once I get back to PC..
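
A verifier for the SHASUM / SHASUM.sig scheme described in this thread, as an added example (not code from any poster's project). It assumes sha256sum-style lines in SHASUM and the `gpg` binary on PATH; the function names and the `check_sig` hook are hypothetical.

```python
import hashlib
import hmac
import string
import subprocess
from pathlib import Path

def gpg_verify(sig, signed):
    """Detached-signature check with the local gpg binary (assumed installed)."""
    # gpg exits 0 for a good signature by ANY key in the keyring, so point
    # GNUPGHOME at a keyring holding only the maintainer's public key.
    cmd = ["gpg", "--batch", "--verify", str(sig), str(signed)]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def parse_shasum(text):
    """Parse sha256sum-style lines ('<64 hex>  <name>') into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, name = line[:64].lower(), line[64:66], line[66:]
        if (len(digest) != 64 or set(digest) - set(string.hexdigits)
                or sep not in ("  ", " *") or not name or Path(name).name != name):
            raise ValueError(f"malformed SHASUM line: {line!r}")
        entries[name] = digest
    return entries

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a large archive is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_release(directory, check_sig=gpg_verify):
    """Return 'ok', 'bad-signature', 'missing:<name>' or 'mismatch:<name>'."""
    d = Path(directory)
    shasum, sig = d / "SHASUM", d / "SHASUM.sig"
    # Signature first: an unsigned SHASUM proves nothing, since whoever
    # altered the archive could have rewritten the hash beside it.
    if not (shasum.is_file() and sig.is_file() and check_sig(sig, shasum)):
        return "bad-signature"
    for name, expected in parse_shasum(shasum.read_text()).items():
        target = d / name
        if not target.is_file():
            return f"missing:{name}"
        if not hmac.compare_digest(sha256_file(target), expected):
            return f"mismatch:{name}"
    return "ok"
```
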