conda-incubator / conda-tree

conda dependency tree helper
MIT License
152 stars 12 forks

conda-tree 1.1.0 package on conda-forge is flagged by conda-forge as possibly malicious #22

Closed cafhach closed 1 year ago

cafhach commented 1 year ago

https://conda-forge.org/blog/posts/2023-03-12-circle-ci-security-breach/#circleci-security-incident

contains a JSON listing packages which potentially are malicious since they were released during the time when conda-forge's keys were compromised. I'm puzzled that this release is still available on conda-forge but this is their issue. Could you please re-release the package to ensure its security? Even if this was a false-positive and you are certain that it was not tampered with: I could not currently install conda-tree from conda-forge according to my company policies since it is blacklisted via the JSON from conda-forge.

Thanks!

rvalieris commented 1 year ago

Thanks for the warning, I was not aware of this. I triggered a rebuild of the package on the conda-forge repo.

rvalieris commented 1 year ago

New rebuild is up.
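
The check discussed in this thread, as an added example that is not part of the thread and is not conda-forge's or conda-tree's code: it matches installed package records against a flagged-artifact list by full artifact identity (subdir, name, version, build), so a rebuild of the same version is reported separately from the flagged build. Assumptions: the list's schema is not shown here, so a JSON array of `subdir/name-version-build.ext` paths is assumed; all build strings and the `examplepkg` entry are constructed placeholders; installed records use the fields emitted by `conda list --json`.

```python
import json

EXTENSIONS = (".conda", ".tar.bz2")

# Constructed sample. Assumed schema: JSON array of "subdir/name-version-build.ext".
FLAGGED_JSON = """["noarch/conda-tree-1.1.0-pyh0000000_0.conda",
                   "linux-64/examplepkg-2.0-h0000000_3.tar.bz2"]"""

# Constructed records (as if gathered from several environments) using the
# fields that `conda list --json` emits.
INSTALLED_JSON = """[
 {"name": "conda-tree", "version": "1.1.0", "build_string": "pyh0000000_0",
  "platform": "noarch", "dist_name": "conda-tree-1.1.0-pyh0000000_0"},
 {"name": "conda-tree", "version": "1.1.0", "build_string": "pyh0000000_1",
  "platform": "noarch", "dist_name": "conda-tree-1.1.0-pyh0000000_1"},
 {"name": "networkx", "version": "3.0", "build_string": "pyh0000000_0",
  "platform": "noarch", "dist_name": "networkx-3.0-pyh0000000_0"}]"""

def parse_artifact(path):
    """Split 'subdir/name-version-build.ext' into (subdir, name, version, build)."""
    subdir, _, filename = path.rpartition("/")
    for ext in EXTENSIONS:
        if filename.endswith(ext):
            filename = filename[: -len(ext)]
            break
    else:
        raise ValueError(f"not a conda artifact: {path!r}")
    # Package names may contain hyphens (conda-tree), so split from the right.
    name, version, build = filename.rsplit("-", 2)
    return subdir, name, version, build

def audit(installed, flagged_paths):
    """Map each installed dist_name to 'flagged', 'rebuild-of-flagged-version' or 'ok'."""
    flagged = {parse_artifact(p) for p in flagged_paths}
    flagged_versions = {(name, version) for _, name, version, _ in flagged}
    report = {}
    for rec in installed:
        key = (rec["platform"], rec["name"], rec["version"], rec["build_string"])
        if key in flagged:
            report[rec["dist_name"]] = "flagged"
        elif (rec["name"], rec["version"]) in flagged_versions:
            # Same version, different build: a name+version policy would still block it.
            report[rec["dist_name"]] = "rebuild-of-flagged-version"
        else:
            report[rec["dist_name"]] = "ok"
    return report

def sample_report():
    return audit(json.loads(INSTALLED_JSON), json.loads(FLAGGED_JSON))
```

A policy that matches only on name and version cannot tell the rebuilt artifact from the flagged one, which is why the middle status is reported on its own.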