checksumPolicy

ChecksumPolicy is a configuration option used by software systems to govern how cryptographic checksums are handled when downloading, caching, or validating artifacts. The policy defines whether checksums are validated, what to do if a checksum is missing or incorrect, and which checksum algorithms are considered acceptable. The goal is to protect against tampering and data corruption while balancing performance and availability.

Common values include: fail or enforce (abort on a mismatch or absence of a valid checksum), warn

Scope and application: ChecksumPolicy can be configured globally or per repository, per artifact, or per download.

Security and best practices: Verifying checksums helps detect corruption and tampering; avoid weak algorithms like MD5;

See also: checksum, hash, accidental corruption, reproducible builds.