audit: check for master branch tar/zipballs.

These have unstable checksums and aren't the tagged, stable releases we require.
2016-10-29 17:52:13 -04:00 · 2016-10-29 17:52:13 -04:00 · 337810bf3e
commit 337810bf3e
parent 0c140f0970
1 changed files with 5 additions and 0 deletions
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@ -1288,6 +1288,11 @@ class ResourceAuditor
      problem "Please use https:// for #{u}"
    end

+    # Check for master branch GitHub archives.
+    urls.grep(%r{^https://github\.com/.*archive/master\.(tar\.gz|zip)$}) do
+      problem "Use versioned rather than branch tarballs for stable checksums."
+    end
+
    # Use new-style archive downloads
    urls.each do |u|
      next unless u =~ %r{https://.*github.*/(?:tar|zip)ball/} && u !~ /\.git$/