Robin Schneider
|
2d0a443ad2
|
Fix CI testing of signatures/checksums checking
Fixes: #25
|
2017-02-20 19:21:05 +01:00 |
|
Robin Schneider
|
36fbaf2d60
|
Update README
|
2017-02-20 06:58:03 +01:00 |
|
Robin Schneider
|
dbe5e78886
|
Fix version note in README
|
2017-02-20 06:58:03 +01:00 |
|
Robin Schneider
|
c213d9c20e
|
Check signatures/checksums to ensure authenticity
Please refer to [Verifying Node.js Binaries](https://blog.continuation.io/verifying-node-js-binaries/)
for why this is important.
Related to: https://github.com/asdf-vm/asdf/issues/158
Mitigates: https://github.com/nodejs/node/issues/9859
Mitigates: https://github.com/nodejs/node/issues/6821
Implementing this feature required some rework of the `install` script
which is included in this PR. The following other PR are
superseded/included in this one:
Closes: #15
Closes: #16
Closes: #19
Note that this PR also updates the base download URL from
"http://nodejs.org/dist" to "https://nodejs.org/dist" meaning that
before this PR (or #16 which is not merged), binaries where downloaded
over plain legacy HTTP! (those binaries where later executed by the
user). This is really bad and is fairly easy to exploit!
Related to: https://github.com/creationix/nvm/pull/736
Related to: https://github.com/creationix/nvm/issues/793
|
2017-02-20 06:58:02 +01:00 |
|
Akash Manohar
|
cdf560b8a2
|
Update to refer to new organization
|
2016-03-16 09:54:18 +05:30 |
|
Akash Manohar J
|
2c48d81ff7
|
Add readme
|
2015-05-24 09:57:40 +05:30 |
|