Kenton wrote: > Hi Troy, > > Assuming you're downloading a specific release, I'd recommend checking the > hash against a known-good hash, with a command like: > > echo 'b28054a7a2bfea42bfc392c8d009630d94d72e8ce86a23ad6f18b5e72574064f > capnproto-c++-0.9.0.tar.gz' | sha256sum -c >
This is what I'm currently doing for Rust, via Rustup-init. If you don't mind, I'll just ask the list for the SHA256 of future releases if it's not included in the release announcement. > Whenever you update to a newer version, you'd update the hash. > > I'm not against also signing releases with an asymmetric key, but I don't > think I'll have time to set up the infrastructure for that any time soon, > sorry. > I totally understand. I haven't signed a release in ages. Thanks! -- You received this message because you are subscribed to the Google Groups "Cap'n Proto" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/capnproto/13f15b70-cdd9-4180-97de-92d1bb526cd5n%40googlegroups.com.
