wraith remnant
When downloading a package for the first time, some languages verify the hash of received file just to make sure it is secured.
For example see https://go.dev/ref/mod#authenticating
Do we need such a mechanism for Ballerina as well? Or is there already such?
dim chasm
@hot dust @quartz eagle
quartz eagle
We already have the hash for the package. The verification logic for the Ballerina CLI is currently under implementation.