You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
1.8.17 has been retagged because of #5446
This is bad practice and should be avoided. Please just tag a new version.
To Reproduce
Steps to reproduce the behavior:
Download tarball on 2022-02-24, have b2 checksum 313b21baefdad6f2958cceabc6a96ffc4e57763c928dd760d25d26d2b2caa592ac0b7169cdcd81745252e5d51aa4170a2a01c24c1053abdda0ea207636f10930
Download tarball on 2022-02-28, have b2 checksum 06236b554f8be7428c7249b0b065b5bdc96c8a876046bfaf1af022bcfbe35926daf8af120989a8385c8c5bed6e8bcae5ea4d915e4b695b3b12768c829822499c
Expected behavior
Tags always point at the same commit and are never moved.
Screenshots
n/a
Server (please complete the following information):
Etherpad version: 1.8.17
OS: Arch Linux
Node.js version (node --version): 17.6.0
npm version (npm --version): 8.5.2
Is the server free of plugins: yes
Desktop (please complete the following information):
OS: n/a
Browser n/a
Version n/a
Smartphone (please complete the following information):
Device: n/a
OS: n/a
Browser n/a
Version n/a
Additional context
Retagging a version breaks downstream (reproducible) builds, that rely on checksums of tarballs.
Additionally, moving a tag implies that the sources have changed which may be the sign of a supply chain attack. This behavior diminishes trust of downstreams in upstreams (you). Downstreams have to spend time on trying to find out what went wrong and write a ticket.
The text was updated successfully, but these errors were encountered:
Describe the bug
1.8.17 has been retagged because of #5446
This is bad practice and should be avoided. Please just tag a new version.
To Reproduce
Steps to reproduce the behavior:
313b21baefdad6f2958cceabc6a96ffc4e57763c928dd760d25d26d2b2caa592ac0b7169cdcd81745252e5d51aa4170a2a01c24c1053abdda0ea207636f10930
06236b554f8be7428c7249b0b065b5bdc96c8a876046bfaf1af022bcfbe35926daf8af120989a8385c8c5bed6e8bcae5ea4d915e4b695b3b12768c829822499c
Expected behavior
Tags always point at the same commit and are never moved.
Screenshots
n/a
Server (please complete the following information):
node --version
): 17.6.0npm --version
): 8.5.2Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Retagging a version breaks downstream (reproducible) builds, that rely on checksums of tarballs.
Additionally, moving a tag implies that the sources have changed which may be the sign of a supply chain attack. This behavior diminishes trust of downstreams in upstreams (you). Downstreams have to spend time on trying to find out what went wrong and write a ticket.
The text was updated successfully, but these errors were encountered: