How to verify that the installation packages attached to the releases have been assembled from the source code

Question

vladimiry opened this issue 5 years ago · 2 comments

Attached to the releases installation packages get automatically assembled from the source code with the help of the Continuous Integration systems (CI). So it's a completely reproducible process, ie anyone can fork the project and independently build the installation packages from the source code using the same CI systems.
Releases include the publicly available links to the CI build logs.
Those logs include the hash sums of the prepared installation packages (hash sums printed at the end of the log).

Answer 1 · 2019-07-08T10:32:26.000Z

Referencing with #146.

Answer 2 · 2020-03-11T19:32:11.000Z

Printing hash-sums into the CI output log originally enabled in v2.0.0-beta.9.