Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

0.3.1 checksum changed #96

Closed
iMichka opened this issue Feb 14, 2022 · 2 comments
Closed

0.3.1 checksum changed #96

iMichka opened this issue Feb 14, 2022 · 2 comments

Comments

@iMichka
Copy link

iMichka commented Feb 14, 2022

Hi. I am a maintainer of the Homebrew package manager.
We noticed that the checksum of the 0.3.1 release has changed from (sha256): 8d880bdd2a4f0c6817c71d5da4e22c5ba5dafa2cec712101950fce530f20ea12 to 72b86f11f0674e88c01753e262947425e8ff4396aacfe03ddb7d3bf17b89e8dd

This is a major security issue as upstream release checksums are not supposed to change. Did you retag the release (which is something that should never been done, see https://git-scm.com/docs/git-tag#_discussion). Or did someone gain access to your repo?

See Homebrew/homebrew-core#95105 for the issue on our side.

@im2nguyen
Copy link
Owner

I accidentally retag the release. My bad, what can I do to resolve it?

@iMichka
Copy link
Author

iMichka commented Feb 16, 2022

Thanks for the clarification. Right now it's too late for that release.

Next time the best is probably to leave the tag on the old commit, and create a new 0.3.2 release instead.

@iMichka iMichka closed this as completed Feb 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants