[Suggestion] Publish list of YouTube SHA256 hashes and make the action automatically validate the YouTube IPA #1501
Labels
question
Further information is requested
Comments
|
Things and enviroment can vary, each .ipa even built off the same commit probably has a different hash... |
|
I’m talking about the input IPA that the user puts into the GitHub action |
Well those would certainly have different hashes, different dumping programs dump differently, plus each ios + phone combination have slightly different .ipa's even if you were to strip the app thinning, it would basically impossible to get the same decrypted .ipa file twice, even in the same environment, same tools. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Have you read the FAQ?
Is there an existing issue/question for this?
Do you think this is a bug?
❌ No, I don't think this is a bug. I will explain below
My question
There is no suggestion template, so I figured question was better than issue. Anyway, I was wondering whether you’d be able to publish a list of SHA256 hashes of the YouTube ipa, and have the GitHub action automatically validate it (by default).
Disclaimer: I would assume publishing hashes would be fine, since lots of existing legitimate projects (such as redump) publish hashes of copyrighted content. However, IANAL
Additional context
No response
The text was updated successfully, but these errors were encountered: