Holochain Forum

Verifying downloads on the Git repository?

Friends :slight_smile:
I was interested earlier today in downloading the Holochain launcher in order to start playing with the Kizuna app (running kizuna on launcher | Kizuna).

When I went to download the Launcher, I noticed there was no verification hashes, and as we are dealing with software strongly reliant on cryptographic security, I balked to continue.

Is there a reason that verification is not being used in this case, is that something worth changing?

Honestly a newbie, so thanks in advance for any guidance. :slight_smile:

things aren’t really at that stage of maturity yet, I think is the main answer that I know of.
many things in the space continue to have disclaimers such as ‘pending a full security audit’ which just relates to external oversight on security of holochain.

measures like the verification hashes would be adopted across the board upon moving from fast and furious alpha releases, when going into beta and beyond