-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SECURITY: verifying github.com/google/cadvisor@v0.49.1: checksum mismatch #3508
Comments
It seems to be related to: 570d8a7 If this was intentional, for my experience, never re-tag an existing tag, caches in github, and in go proxies will make a big mess, we should always create a new minor version. |
mangelajo
added a commit
to flightctl/flightctl
that referenced
this issue
Mar 26, 2024
v0.49.1 seems to have been re-tagged upstream and the caching of goproxies and github is causing issues. We should stay on v0.49.0 until v0.49.2 is released. Related-Issue: google/cadvisor#3508 Signed-off-by: Miguel Angel Ajo Pelayo <majopela@redhat.com>
avishayt
pushed a commit
to flightctl/flightctl
that referenced
this issue
Mar 26, 2024
v0.49.1 seems to have been re-tagged upstream and the caching of goproxies and github is causing issues. We should stay on v0.49.0 until v0.49.2 is released. Related-Issue: google/cadvisor#3508 Signed-off-by: Miguel Angel Ajo Pelayo <majopela@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are using cadvisor on a project, and suddenly we are getting a hash missmatch:
I wanted to confirm if the release has been re-tagged, if it's a know developer action this is ok. If not we could be facing a security issue.
I had the previous hash version for v0.49.1 stored on a different computer, so I decided to run a diff between the new hash of 0.49.1, this is what I get:
It seems to be related to the provenance check of the images used in the build process or as base images, which is security-related.
Thank you
The text was updated successfully, but these errors were encountered: