SHA-256 checksums file for each new release #856
Description
- This is a bug report
- This is a feature request
- I searched existing issues before opening this one
The only somewhat similar issue I could find is #245, but that issue is asking for PGP-signed releases.
I believe a file of release binary SHA-256 checksums (e.g., as generated by sha256sum) included in each new GitHub release would be helpful for automation.
For example, when pinning and installing a specific version of hadolint via a script in a CI pipeline, the DevOps engineer must currently pre-download the binary, calculate the checksum, and store it in the script or an env var. Ideally, the engineer could provide only the desired version to the script, which could then compare the downloaded binary against the published release checksum as a basic form of integrity checking.
Note that I am not asking the project to retrofit previous releases with checksums, only add them to future releases.
Thanks for your time and this incredible tool!
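The consumer side of what the issue asks for, as an added example that is not code from the hadolint project or from the issue author: a POSIX shell check of a downloaded release asset against a `sha256sum`-format checksums file (lines of `<hex>  <filename>`), with a constructed sample release in place of a real download. The asset name `hadolint-Linux-x86_64` and the checksums file name `hadolint.sha256` are assumptions; as the issue notes, this is integrity checking only, and authenticity of the checksums file itself is what signing (#245) would add.

```shell
#!/bin/sh
# Added example, not part of the hadolint project or the issue text.
# Verifies a downloaded release asset against a sha256sum-format file.
set -eu

# SHA-256 digest of a file: GNU coreutils sha256sum, else BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_release_checksum BINARY CHECKSUMS_FILE
# 0 = digest matches the entry for the binary's basename,
# 1 = entry present but digest differs (corrupt or substituted download),
# 2 = no entry for that filename (wrong asset name or truncated file).
verify_release_checksum() {
  name=$(basename "$1")
  # Match on the filename column; strip the '*' sha256sum adds in binary mode.
  expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$2")
  [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }
  actual=$(sha256_of "$1")
  if [ "$actual" = "$expected" ]; then
    echo "OK: $name"
  else
    echo "MISMATCH: $name expected $expected got $actual" >&2
    return 1
  fi
}

# Constructed sample release (assumed names): a fake binary, an altered copy
# with the same name, and a checksums file as a maintainer's `sha256sum *`
# run would emit, with a second entry for another platform's asset.
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/good" "$SAMPLE/bad"
printf 'fake hadolint binary\n' > "$SAMPLE/good/hadolint-Linux-x86_64"
printf 'fake hadolint binary, altered\n' > "$SAMPLE/bad/hadolint-Linux-x86_64"
{
  printf '%s  hadolint-Linux-x86_64\n' "$(sha256_of "$SAMPLE/good/hadolint-Linux-x86_64")"
  printf '%s  hadolint-Darwin-x86_64\n' "$(sha256_of /dev/null)"
} > "$SAMPLE/hadolint.sha256"

# In a CI install script the downloaded asset would be gated like this:
verify_release_checksum "$SAMPLE/good/hadolint-Linux-x86_64" "$SAMPLE/hadolint.sha256" && echo "install may proceed"
verify_release_checksum "$SAMPLE/bad/hadolint-Linux-x86_64" "$SAMPLE/hadolint.sha256" || echo "refusing to install (exit $?)"
```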