From 169f8f11db0431ceb97531e2470849544abcad5a Mon Sep 17 00:00:00 2001 From: Jonathan Leitschuh Date: Wed, 15 Jan 2020 12:24:14 -0500 Subject: [PATCH] Mention the homoglyph detection capabilities in the README --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index aecf390..e4ad94e 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,12 @@ verify that any and all `gradle-wrapper.jar` files in the repository match the S If any are found that do not match the SHA-256 checksums of our official releases, the action will fail. +Additionally, the action will find and SHA-256 hash all +[homoglyph](https://en.wikipedia.org/wiki/Homoglyph) +variants of files named `gradle-wrapper.jar`, +for example a file named `gradlе-wrapper.jar` (which uses a Cyrillic `е` instead of `e`). +The goal is to prevent homoglyph attacks which may be very difficult to spot in a GitHub diff. + ## Usage Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
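Review bot: The added README paragraph (the `+Additionally, the action will find and SHA-256 hash all ...` lines) says homoglyph variants are found and hashed, but not what happens next. The failure condition is stated only in the preceding sentence, which is about files literally named `gradle-wrapper.jar`, so a reader cannot tell from this text whether a homoglyph-named jar with an unknown checksum also fails the action. Suggest stating the outcome explicitly in the new paragraph, in whatever wording matches the implemented behaviour. A smaller point on the example line: the Cyrillic `е` renders identically to the Latin `e`, so the example shows no visible difference; naming the code point (U+0435, Cyrillic small letter ie, versus U+0065) would let readers see what actually differs. Style nit on the last added line: "homoglyph attacks which may be" reads better as "homoglyph attacks, which can be".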