Merge pull request #1367 from MikeMcQuaid/audit-check-master-branch

audit: check for master branch tar/zipballs.
2016-10-30 13:29:47 -04:00 · 2016-10-30 13:29:47 -04:00 · 20c8c5958e
commit 20c8c5958e
parent 90e5de9115 337810bf3e
1 changed files with 5 additions and 0 deletions
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@ -1290,6 +1290,11 @@ class ResourceAuditor
      problem "Please use https:// for #{u}"
    end

+    # Check for master branch GitHub archives.
+    urls.grep(%r{^https://github\.com/.*archive/master\.(tar\.gz|zip)$}) do
+      problem "Use versioned rather than branch tarballs for stable checksums."
+    end
+
    # Use new-style archive downloads
    urls.each do |u|
      next unless u =~ %r{https://.*github.*/(?:tar|zip)ball/} && u !~ /\.git$/