-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tarball release mutated in place (v1.0.0-rc6) #2895
Comments
This happened because of #2537, but the tarballs shouldn't have changed (in fact the tarball is actually malformed now). I will fix it up. (However I would mention that nobody should be using runc-1.0.0-rc6 anymore -- it is hideously out of date and is missing quite a few security critical patches.) |
Okay, the 1.0.0-rc6 tarball has been fixed. I will check the other releases as well. |
Oh no, it looks like all the releases up until -rc92 have malformed tarballs... (Which means they all had their artefacts changed in 2020 as well.) EDIT: I did a rebuild and re-publish of all releases that had broken archives (from 1.0.0-rc2 up to 1.0.0-rc91, inclusive). |
Agreed; we're now using 1.0.0-rc93. Thanks for fixing the tarballs! |
Hello,
It was reported to Guix that the tarball for the v1.0.0-rc6 release was mutated in place, and indeed it has:
It seems a slash went missing in the modified tarball? I'm not sure what was this change motivated by, but in any case, changes to tarballs should go to a new, differently named, tarball (e.g., patch release), otherwise many downstream users will be affected (e.g., those verifying the checksum of the release tarballs).
Thank you!
The text was updated successfully, but these errors were encountered: