*Hey all,*
I think it*makes sense to provide the following information about each
3rd party diff review:**
*
* *
Name of the package that was reviewed
*
Version the review started at, and the hash of that source tarball
*
Version the review ended at (i.e. the version that one updated to),
and the hash of that source tarball
*
(Ideally) the above content is GPG signed
*
*
Let me know if something important is missing, else we'll begin doing
this for SecureDrop dependency updates.
Best,
Jen
*
--
Jennifer Helsby, Ph.D.
SecureDrop Lead Developer
Freedom of the Press Foundation
<jen(a)freedom.press>
GnuPG: F48E CC56 4980 83F1 80DF F943 DA05 B7C5 2ABA F334
Twitter: @redshiftzero
Github: https://github.com/redshiftzero
