Does sftp eliminate the need to check sha1sum?
Matt Bruzek
matthew.bruzek at canonical.com
Wed Jan 13 18:46:51 UTC 2016
I recently reviewed a charm that is using sftp to download the binary files
with a username and password. The charm does not check the sha1sum of
these files.

The Charm Store Policy states: Must verify that any software installed or
utilized is verified as coming from the intended source
https://jujucharms.com/docs/stable/authors-charm-policy

Does using sftp eliminate the need to check the sha1sum of the files
downloaded?

What does the Juju community say to this question?

- Matt Bruzek <matthew.bruzek at canonical.com>