From: Martin Jansa <martin.jansa@gmail.com>
To: Adrian Bunk <bunk@stusta.de>
Cc: openembedded-devel@lists.openembedded.org,
Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Subject: Re: [PATCH][meta-oe] libp11: update to 0.4.10
Date: Tue, 28 May 2019 21:08:38 +0200 [thread overview]
Message-ID: <20190528190838.GA1481@jama> (raw)
In-Reply-To: <20190528180945.GB14708@localhost>
[-- Attachment #1: Type: text/plain, Size: 1675 bytes --]
On Tue, May 28, 2019 at 09:09:45PM +0300, Adrian Bunk wrote:
> On Tue, May 28, 2019 at 06:52:00PM +0200, Oleksandr Kravchuk wrote:
> > Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
> > ---
> > .../libp11/{libp11_0.4.7.bb => libp11_0.4.10.bb} | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > rename meta-oe/recipes-support/libp11/{libp11_0.4.7.bb => libp11_0.4.10.bb} (92%)
> >
> > diff --git a/meta-oe/recipes-support/libp11/libp11_0.4.7.bb b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
> > similarity index 92%
> > rename from meta-oe/recipes-support/libp11/libp11_0.4.7.bb
> > rename to meta-oe/recipes-support/libp11/libp11_0.4.10.bb
> > index 87d99c1a6..2911e37c7 100644
> > --- a/meta-oe/recipes-support/libp11/libp11_0.4.7.bb
> > +++ b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
> > @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
> > DEPENDS = "libtool openssl"
> >
> > SRC_URI = "git://github.com/OpenSC/libp11.git"
> > -SRCREV = "64569a391897bd29c5060b19fa4613e619e59277"
> > +SRCREV = "libp11-0.4.10"
> >...
>
> This is not a good idea - upstream might move the label,
> and a man-in-the-middle attack on someone building this
> recipe might also be possible.
Not only that, but bitbake fetcher will convert the tag name to the hash
every single time the recipe is being parsed which is not only annoying,
but also breaks parsing for people who don't even use this recipe when
they loose network connection during build (or build intentionally
without one).
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
prev parent reply other threads:[~2019-05-28 19:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-28 16:52 [PATCH][meta-oe] libp11: update to 0.4.10 Oleksandr Kravchuk
2019-05-28 18:09 ` Adrian Bunk
2019-05-28 19:08 ` Martin Jansa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190528190838.GA1481@jama \
--to=martin.jansa@gmail.com \
--cc=bunk@stusta.de \
--cc=open.source@oleksandr-kravchuk.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.