[erlang-questions] Missing checksums for github.com/erlang/otp/releases

Gerhard Lazu <>
Wed Jan 9 18:08:38 CET 2019


I think it would be great to have checksums publicly available when a new
Erlang/OTP patch is tagged on GitHub. Something as simple as this will do:

sha256sum OTP-21.2.2.tar.gz > OTP-21.2.2.tar.gz.sha256
curl --request POST --data-binary "@OTP-21.2.2.tar.gz.sha256" --header
"Content-Type: text/plain"
https://uploads.github.com/repos/erlang/otp/releases/OTP-21.2.2/assets?name=OTP-21.2.2.tar.gz.sha256

Is this something that others are missing? If not, how do you answer "*I
know that this Erlang/OTP build is legit*" in your production environments?

Thank you, Gerhard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20190109/5b0600a9/attachment.html>


More information about the erlang-questions mailing list