logilab-common #115237 PyPI vs Logilab distfile checksum mismatch for logilab-common-0.58.3 [validation pending]
The checksums don't match between the PyPI hosted distfile and the distribution provided distfile; seems like a potential security issue (distfile modified after the fact) as the tarball unpacks on FreeBSD if I do make makesum with ports:
$ fetch -o - -q http://download.logilab.org/pub/common/logilab-common-0.58.3.tar.gz | sha256 | |
priority | important |
---|---|
type | bug |
done in | 0.63.1 |
load left | 0.000 |
closed by | <not specified> |