Mail archive

[alpine-devel] ABUILD checksums verification

From: Tmp File <>
Date: Tue, 15 Aug 2017 04:59:06 +0200

Hello Alpinists.

I thought abuild refused to build packages in case the sha512sum was absent or wrong.
So when I noticed a commit that pushed a package with no sha512sum I expected it to fail.
But to my surprise the package was built!
It can now be found on the official repository.
If the sha512sum is being ignored and any package is being built and distributed... this sounds like security issue.

If I made any mistake please clear up.
But as I understand right now py-redis was built and distributed without verification of sha512sum.


Received on Tue Aug 15 2017 - 04:59:06 UTC