B-REPRO-2: SHA-256 pinning of the Rox Design payload via --from-archive

## What it is

Supply chain hardening: the Rox Design payload is pinned by SHA-256 and installed via `--from-archive` with an explicit digest. A Renovate PR updates the digest; a digest mismatch in the build -> fail.

## Why

Without a SHA pin, installing Rox Design is "trust the network". With the pin, it is a reproducible build with verified content.

## Sources of inspiration

- [linear/linear-release](https://github.com/linear/linear-release) — supply chain
- [moby/profiles](https://github.com/moby/profiles) — pinning patterns

## 🔗 Linear

- [PZD-51](https://linear.app/kuhjie/issue/PZD-51) (match confidence: 0.502)
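The verify-then-install step the ticket describes, as an added shell example that is not code from the ticket or the Rox Design project; the sample file, the pinned digest value and the install command are constructed placeholders:

```shell
#!/bin/sh
# Added example: verify an archive against a pinned SHA-256 digest before it
# reaches the installer, and fail the build on mismatch. The digest would
# normally live in a pinned file that a Renovate PR updates.

# Print the hex SHA-256 of a file, using whichever tool the build host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the archive matches the pinned digest, 1 otherwise.
# The comparison is on the full 64-hex-char digest; a prefix match is not enough.
verify_pinned_archive() {
    archive="$1"
    expected="$2"
    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 1; }
    actual="$(sha256_of "$archive")" || return 1
    if [ "$actual" != "$expected" ]; then
        printf 'digest mismatch for %s\n  pinned: %s\n  actual: %s\n' \
            "$archive" "$expected" "$actual" >&2
        return 1
    fi
    return 0
}

# Verify first; the install command only runs on a matching digest.
install_pinned() {
    verify_pinned_archive "$1" "$2" || {
        echo "build failed: refusing to install unverified archive" >&2
        return 1
    }
    # Placeholder for the real "--from-archive" install command (assumption).
    echo "verified $1, proceeding with --from-archive install"
}

# Constructed sample: a file whose SHA-256 is known, standing in for the payload.
demo() {
    tmp="$(mktemp)"
    printf 'hello\n' > "$tmp"
    pinned=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    install_pinned "$tmp" "$pinned"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```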

Status: In Review

Board: ♾️ Bugs, Fixes, Improvements

Date: About 19 hours ago

Author: agi
