search

conda-forge / libsndfile-feedstock

A conda-smithy repository for libsndfile.
BSD 3-Clause "New" or "Revised" License
2 stars 13 forks source link

The package is included in the list of possibly compromised artifacts: please verify or rebuild #29

Open marcindulak opened 1 year ago

marcindulak commented 1 year ago

Solution to issue cannot be found in the documentation.

Issue

The package is included in the list of possibly compromised artifacts published on 2023-03-12 https://conda-forge.org/blog/posts/2023-03-12-circle-ci-security-breach/

curl -sL https://raw.githubusercontent.com/conda-forge/conda-forge.github.io/main/misc/circle_ci_pkgs_dec2022_breach.json | jq  | grep libsndfile
    "libsndfile-1.2.0-hb75c966_0.conda",
    "libsndfile-1.2.0-h693ebdd_0.conda",
    "libsndfile-1.1.0-h883269e_1.conda",
    "libsndfile-1.2.0-hb7cb007_0.conda",
    "libsndfile-1.2.0-h591af1c_0.conda",
    "libsndfile-1.2.0-h92509c9_0.conda",
    "libsndfile-1.2.0-h2628c91_0.conda",

Please perform an extra verification that the uploaded versions are legitimate, or rebuilt the package if possible.

Installed packages

# not relevant

Environment info

# not relevant
bmcfee commented 1 year ago

Package has been updated and rebuilt; any reason to keep this issue open?