Created Build Security (markdown)

Dominik Schürmann 2015-06-16 00:00:19 +02:00
parent 01f7deef57
commit cc5562c6ac
1 changed files with 2 additions and 0 deletions

Build-Security.md Normal file

@ -0,0 +1,2 @@
1. On execution of ``./gradlew build``, the gradle wrapper downloads the actually required gradle version. This download is protected by SHA-256 verification [integrated by us into Gradle Wrapper](https://github.com/gradle/gradle/pull/448) (see [gradle/wrapper/gradle-wrapper.properties](https://github.com/open-keychain/open-keychain/blob/master/gradle/wrapper/gradle-wrapper.properties)).
2. All dependencies are either included as git submodules or downloaded from JCenter. JCenter dependencies are verified using SHA-256 by [Gradle Witness](https://github.com/WhisperSystems/gradle-witness) (see [OpenKeychain/build.gradle](https://github.com/open-keychain/open-keychain/blob/master/OpenKeychain/build.gradle)).
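Review bot: In item 2, the git-submodule half of the sentence names no integrity mechanism, while the JCenter half names SHA-256 via Gradle Witness; say what pins the submodules (the commit recorded in the superproject) so both dependency paths read as covered. In item 1, the link to gradle/gradle pull 448 does not say whether that change is merged or which Gradle release carries it, so a reader cannot tell whether a stock wrapper enforces the hash; state that next to the link. Both file links point at `master`, so the linked contents can change after this page is written; naming the setting to look for in each file would keep the page checkable. Neither item says what happens on a hash mismatch, and one clause stating that the build fails (if that is the behaviour) would close that gap.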