From 337810bf3ee19aed4cc1bac3489bf269ead246fd Mon Sep 17 00:00:00 2001
From: Mike McQuaid <mike@mikemcquaid.com>
Date: Sat, 29 Oct 2016 17:52:13 -0400
Subject: [PATCH] audit: check for master branch tar/zipballs.

These have unstable checksums and aren't the tagged, stable releases
we require.
---
 Library/Homebrew/dev-cmd/audit.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 12eaf9167e..2c5fdcc957 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -1288,6 +1288,11 @@ class ResourceAuditor
       problem "Please use https:// for #{u}"
     end
 
+    # Check for master branch GitHub archives.
+    urls.grep(%r{^https://github\.com/.*archive/master\.(tar\.gz|zip)$}) do
+      problem "Use versioned rather than branch tarballs for stable checksums."
+    end
+
     # Use new-style archive downloads
     urls.each do |u|
       next unless u =~ %r{https://.*github.*/(?:tar|zip)ball/} && u !~ /\.git$/