Clone
Cédric Champeau
committed
on 24 Dec 19
Verify checksums for artifacts which declare them even if signature passes
This is done because signatures are done on the hash of artifacts… Show more
Verify checksums for artifacts which declare them even if signature passes

This is done because signatures are done on the hash of artifacts and

not on the artifact contents itself, so if you want to ensure both

integrity and provenance, you need to check both.

Show less

green-master + 112 more