We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
As you might know (http://fabien.potencier.org/article/73/signing-project-releases), all Symfony releases are now signed (it has been the case since June 2013). It means that Git tag are signed, but it also means that we publish (https://github.com/sensiolabs/checksums) signed SHA1 for files installed by Composer.
It would be great if we could have an article explaining why checking the integrity of what users download is important and how to do it properly.
The text was updated successfully, but these errors were encountered:
👍
Maybe this is a duplicate of #4089?
Sorry, something went wrong.
Yep. Closing.
No branches or pull requests
As you might know (http://fabien.potencier.org/article/73/signing-project-releases), all Symfony releases are now signed (it has been the case since June 2013). It means that Git tag are signed, but it also means that we publish (https://github.com/sensiolabs/checksums) signed SHA1 for files installed by Composer.
It would be great if we could have an article explaining why checking the integrity of what users download is important and how to do it properly.
The text was updated successfully, but these errors were encountered: