Joe Conway <mail@joeconway.com> writes:
> I think it would be nice to include a sha256 hash (or something similar)
> of the libraries as well, so that they can be checked against known good
> values.
That seems well outside the charter of this patch. Also, how would
we even get that information? A typical application doesn't know
exactly what libraries it's linked with or where they came from on
the filesystem. Maybe one could find that out with sufficient
platform-specific hackery, but I don't believe we could do it
portably.
regards, tom lane