Re: [alpine-devel] ABUILD checksums verification
Just after sending the email I realized my mistake.
It happens that py-redis *does* have valid sha512sum but the commit was truncated above it (just after md5sum).
I'm ashamed of this mistake and for causing trouble over nothing.
> Sent: Monday, August 14, 2017 at 11:59 PM
> From: "Tmp File" <tmpfile_at_mail.com>
> To: alpine-dev <alpine-devel_at_lists.alpinelinux.org>
> Subject: [alpine-devel] ABUILD checksums verification
> Hello Alpinists.
> I thought abuild refused to build packages in case the sha512sum was absent or wrong.
> So when I noticed a commit that pushed a package with no sha512sum I expected it to fail.
> But to my surprise the package was built!
> It can now be found on the official repository.
> If the sha512sum is being ignored and any package is being built and distributed... this sounds like security issue.
> If I made any mistake please clear up.
> But as I understand right now py-redis was built and distributed without verification of sha512sum.
> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-devel+help_at_lists.alpinelinux.org
Received on Tue Aug 15 2017 - 05:04:06 GMT