Hey there,
I’m from the Yunohost team where we provide package to install TTRSS easily
A user reported today that the checksum we’re using to check the source integrity changed.
The corresponding file is: https://git.tt-rss.org/fox/tt-rss/archive/9d3c79498368fa99cfde684c759a1c40825aaaa9.tar.gz
About 7 months ago, the sha256sum for this file was
a5f2aae2b566a0d06a7dd6d7d9d39695c09c77e3b4fc76ca2a49c041499b30d5
We’re pretty sure that it didn’t change since at least early April because we have automatic tests that validate all the install process
Yet today it sounds like it’s now:
cb5a39a61f6319734606f06fafbb0eb60aa488cdc911ec84ee6738da533124cb
I’m quite puzzled as the archive is supposed to be the archive for a specific commit, and one can’t just simply create a new commit with the same id yet different content… Did this archive got tweaked manually, or did it somehow get corrupted by an attacker or something ?