The hash isn’t there for security, it’s to make sure the code you’re building against doesn’t randomly change, which could make the derivation fail to compile.
For example, for the source, you can specify a literal HTTP download from a URL, and that file could be changed by the host at any given time, so it’s there as a safeguard.
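An added illustration, not part of the original posts and not Nix's own code: a Python sketch of the pinned-hash check the post above describes, using the SRI-style `sha256-<base64>` string format. The function names and the sample byte strings are assumptions constructed for this example.

```python
import base64
import hashlib
import hmac


class HashMismatch(Exception):
    """Raised when fetched bytes do not match the pinned hash."""


def sri_hash(data: bytes, algo: str = "sha256") -> str:
    """Return an SRI-style string, e.g. 'sha256-<base64 digest>'."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_fetch(data: bytes, pinned: str) -> bytes:
    """Accept fetched bytes only if they match the pinned SRI hash."""
    algo, sep, b64 = pinned.partition("-")
    if not sep or algo not in ("sha256", "sha512"):
        raise ValueError(f"unsupported or malformed hash: {pinned!r}")
    expected = base64.b64decode(b64, validate=True)
    actual = hashlib.new(algo, data).digest()
    if not hmac.compare_digest(expected, actual):
        got = f"{algo}-{base64.b64encode(actual).decode('ascii')}"
        raise HashMismatch(f"specified: {pinned}\n     got: {got}")
    return data


# Constructed sample data: what the packager downloaded when pinning,
# and what the host serves later after replacing the file in place.
ORIGINAL = b"example-1.0 source tarball contents\n"
REPLACED = b"example-1.0 source tarball contents (re-rolled)\n"
PINNED = sri_hash(ORIGINAL)

if __name__ == "__main__":
    verify_fetch(ORIGINAL, PINNED)
    print("unchanged source accepted")
    try:
        verify_fetch(REPLACED, PINNED)
    except HashMismatch as err:
        # The fetch is rejected, so nothing is built from changed input.
        print("changed source rejected:\n", err)
```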
Thanks for all of this information. Reading through documentation gives information on how to do things when everything is working perfectly. It’s a large leap for a newcomer to handle the imperfect case.