Skip to content

Something needs to be done with software that have non-versioned url #3313

Answered by denelon
soredake asked this question in General

You must be logged in to vote

It's unlikely we would ignore the SHA256 check by default or specify that behavior in a manifest. We don't always know which packages have what we're calling a "vanity URL".

In some cases, even what appears to be a versioned URL will have a hash mismatch when a publisher updates the binary it's pointing to.

We've created a couple of related Issues, but they haven't received much attention in terms of 👍 to raise priority.

We do perform daily scans for all installer URLs to detect and autocorrect where we can.

Replies: 4 comments 2 replies

You must be logged in to vote
0 replies

You must be logged in to vote
1 reply
@timber-schroeder

Answer selected by denelon

You must be logged in to vote
1 reply
@denelon

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
5 participants