

Show HN: Pharaoh – Diff PHARs (executable PHP Archives) - paragonie
https://github.com/paragonie/pharaoh

======
voodooKobra
What it does: Tells you what the differences are between two .phar files.

Why it's useful:

Download a .phar (say, phpunuit) then separately build the .phar from source.
Now you can compare the two and verify the following:

    
    
        a. Has this been tampered with on the download server?
        b. Does this .phar match the source code at the same tag?
    

See also: [https://defuse.ca/triangle-of-secure-code-
delivery.htm](https://defuse.ca/triangle-of-secure-code-delivery.htm)

