docker and docker-completion: fix revision hash #22427
Conversation
|
As you can see in the link above, the tag in this formula points to the hash I've updated to, don't know what happened there. How and who to contact upstream with this? |
|
Yes, this PR updates the hash to something different from what it was originally in #22174 at which time it was verified as being correct. For security we don't change the tag commit hash without an explanation. Contact info is here https://www.docker.com/company/contact |
|
Support request number 00037354 created at Docker. |
|
@andrasmaroy thanks! We'll also need to bump the formula revision here, and make the same changes for the |
|
to bump revisions you need to add |
|
This should also affect the |
|
The release was done 9 days ago, but someone appears to have re-tagged this only a day ago: https://github.com/docker/docker-ce/tags |
[17.12] bump version to 17.12.0-ce
ilovezfs
changed the title
|
I'm not sure how the verification was done the first time, but it is pretty clear from the actual contents of the original commit sha1 that it is not the correct commit for that tag. Is there anything that can be done to prevent this sort of problem in the future? The process as-is (which seems pretty reasonable) appears to make it easier to make the mistake in the first place than it is to fix it afterwards. |
|
@rmg yes. Ask upstream never to retag. |
|
This will be taken care of by Thanks for bringing it to our attention @andrasmaroy! |
brew install --build-from-source <formula>, where<formula>is the name of the formula you're submitting?brew audit --strict <formula>(after doingbrew install <formula>)?Tag was updated in #22174 but the commit hash wasn't, updated according to the official repo.