Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pip mirror: add securedrop-sdk 0.0.13, remove Werkzeug 0.14.1 #143

Merged
merged 1 commit into from Feb 13, 2020
Merged

pip mirror: add securedrop-sdk 0.0.13, remove Werkzeug 0.14.1 #143

merged 1 commit into from Feb 13, 2020

Conversation

redshiftzero
Copy link
Contributor

Releasing securedrop-sdk 0.0.13 to prod pip mirror (required for merge of freedomofpress/securedrop-client#784)

I'm also removing Werkzeug 0.14.1 as it has a CVE. Due to this we needed to release securedrop-proxy (freedomofpress/securedrop-proxy#66).

build logs: https://github.com/freedomofpress/build-logs/blob/master/pip_mirror/feb13_update

Test plan:

  • Sig on sha256sums.txt is correct
  • hash of sha256sums.txt matches what is in the build log
  • CI passes
  • hash of source tarball matches securedrop-sdk on PyPI
  • file paths / URLs are correct

@redshiftzero redshiftzero added this to Ready for Review in SecureDrop Team Board Feb 13, 2020
@redshiftzero redshiftzero mentioned this pull request Feb 13, 2020
Merged
6 tasks
@emkll emkll self-requested a review February 13, 2020 17:21
@emkll emkll moved this from Ready for Review to Under Review in SecureDrop Team Board Feb 13, 2020
emkll
emkll approved these changes Feb 13, 2020
View reviewed changes
Copy link
Contributor

@emkll emkll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @redshiftzero looks good to me:

  • Sig on sha256sums.txt is correct
  • hash of sha256sums.txt matches what is in the build log
  • CI passes
  • hash of source tarball matches securedrop-sdk on PyPI (wheel hash is different, but source tarball is same hash. nit: Perhaps in the future we can upload the same wheel to pypi? or maybe just the source tarball?
  • file paths / URLs are correct

@redshiftzero redshiftzero mentioned this pull request Feb 13, 2020
Closed
@emkll emkll merged commit 7eb22f9 into master Feb 13, 2020
SecureDrop Team Board automation moved this from Under Review to Done Feb 13, 2020
@emkll emkll deleted the sdk_13 branch February 13, 2020 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emkll emkll emkll approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@redshiftzero @emkll