The Registry Service Specification says in 4.4.1. Integrity verification:
A client SHOULD verify the integrity of a downloaded source archive
Can we change this to a MUST or is there a reason this is a SHOULD?
2 Likes