I'm approving this, as the code looks ok, and it isn't breaking install of packages on production, nor the purchasing of an app. However, I was unable to get a clear verification of what happens when a package has an invalid hash.
« Back to merge proposal
I'm approving this, as the code looks ok, and it isn't breaking install of packages on production, nor the purchasing of an app. However, I was unable to get a clear verification of what happens when a package has an invalid hash.