Re: [alpine-devel] ABUILD checksums verification
This is not a problem as the file includes an md5sum, which is still
On Mon, Aug 14, 2017 at 9:59 PM Tmp File <tmpfile_at_mail.com> wrote:
> Hello Alpinists.
> I thought abuild refused to build packages in case the sha512sum was
> absent or wrong.
> So when I noticed a commit that pushed a package with no sha512sum I
> expected it to fail.
> But to my surprise the package was built!
> It can now be found on the official repository.
> If the sha512sum is being ignored and any package is being built and
> distributed... this sounds like security issue.
> If I made any mistake please clear up.
> But as I understand right now py-redis was built and distributed without
> verification of sha512sum.
> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-devel+help_at_lists.alpinelinux.org
-- Kiyoshi Aman
Received on Tue Aug 15 2017 - 03:03:10 GMT