Code review comment for lp:~alecu/unity-scope-click/verify-sha512

I'm approving this, as the code looks ok, and it isn't breaking install of packages on production, nor the purchasing of an app. However, I was unable to get a clear verification of what happens when a package has an invalid hash.