Skip to content

Check the Gradle distribution checksum#564

Open
TheMrMilchmann wants to merge 1 commit into
assertk-org:mainfrom
TheMrMilchmann:main
Open

Check the Gradle distribution checksum#564
TheMrMilchmann wants to merge 1 commit into
assertk-org:mainfrom
TheMrMilchmann:main

Conversation

@TheMrMilchmann
Copy link
Copy Markdown

@TheMrMilchmann TheMrMilchmann commented Feb 24, 2025

It is generally a good idea to ensure the integrity of the Gradle distribution to prevent MITM attacks when downloading. (See https://docs.gradle.org/current/userguide/gradle_wrapper.html#sec:verification)

Keep in mind that this has to be updated alongside the distribution link.

jzbrooks
jzbrooks approved these changes May 10, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jzbrooks jzbrooks left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good—the best way to upgrade these things is via the wrapper task anyway, which automatically updates this.

% shasum -a 256 ~/Downloads/gradle-8.4-bin.zip                                                                                                                    (master)
3e1af3ae886920c3ac87f7a91f816c0c7c436f276a6eefdb3da152100fef72ae  /Users/justin/Downloads/gradle-8.4-bin.zip

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jzbrooks jzbrooks jzbrooks approved these changes

@evant evant Awaiting requested review from evant evant is a code owner

@rf43 rf43 Awaiting requested review from rf43

@nishtahir nishtahir Awaiting requested review from nishtahir

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TheMrMilchmann @jzbrooks