[Buildroot] [PATCH 3/3] cargo-bin: bump version to 0.30.0
Peter Korsgaard
peter at korsgaard.com
Sun Oct 21 21:24:53 UTC 2018
>>>>> "Eric" == Eric Le Bihan <eric.le.bihan.dev at free.fr> writes:
Hi,
>> This looks weird and suspicious. Has upstreaming modified their tarball
>> after releasing them ? Has their server been hacked, and the tarballs
>> replaced with some bad thing inside ?
> Void Linux seems to have the same issue [4]. They reverted a commit
> where the initial hash for cargo-0.30.0-i686 was
> 4b828c263283241ad1c99f30e0b5d8554b6dac2737d09cfd466b4c15b0d7296a (just
> like in my patch) to
> 43a5754d13fa0436b33c48b1f562b4198d6930efad3dc36284b88289ff20d74d (the
> new one). Sames goes for x86_64.
Ahh, ok.
> The key is listed among the official ones [5,6].
Thanks!
> Should the new patch with proper hashes mentions something like this?
> ```
> # From https://static.rust-lang.org/dist/cargo-0.30.0-i686-unknown-linux-gnu.tar.xz.sha256
> # Verified using https://static.rust-lang.org/dist/cargo-0.30.0-i686-unknown-linux-gnu.tar.xz.asc
> sha256
> 43a5754d13fa0436b33c48b1f562b4198d6930efad3dc36284b88289ff20d74d
> cargo-0.30.0-i686-unknown-linux-gnu.tar.xz
Looks good to me, please send a patch with that.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list