This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

0.22.0 release #537

Closed
1 of 2 tasks
chenrui333 opened this issue Mar 14, 2023 · 7 comments

@chenrui333

ISSUE TYPE
  • Bug Report
  • Feature Idea

BUG REPORT

SUMMARY

👋 Looks like the 0.22.0 release did not get completed, thanks!

relates to Homebrew/homebrew-core#125542

@github-actions

Thanks for opening your first issue here! Be sure to follow the issue template!

@chenrui333
Author

cc @genevieveluyt

@chenrui333
Author

It would be good to not re-tag the release as well.

relates to:

@genevieveluyt
Contributor

Hi @chenrui333 I'm actually not sure we can complete the release in the state it was tagged. I think we may need to skip that version and release the next version with the new release process. @chenrui333 is that a problem for brew? @dani-santos-code wdyt?

@felipeng

felipeng commented Jun 5, 2023

Not sure if it is related, but for me the latest version 0.22.0 is not working but 0.21.0 is:

/tmp # uname -m
x86_64
/tmp # wget https://github.com/Shopify/kubeaudit/releases/download/v0.22.0/kubeaudit_0.22.0_linux_amd64.tar.gz
Connecting to github.com (192.30.255.112:443)
Connecting to objects.githubusercontent.com (185.199.110.133:443)
saving to 'kubeaudit_0.22.0_linux_amd64.tar.gz'
kubeaudit_0.22.0_lin 100% |*****************************************************************************************************************************************************************| 9724k  0:00:00 ETA
'kubeaudit_0.22.0_linux_amd64.tar.gz' saved
/tmp # tar -zxf kubeaudit_0.22.0_linux_amd64.tar.gz 
/tmp # ./kubeaudit
sh: ./kubeaudit: not found
/tmp # rm -rf *
/tmp # wget https://github.com/Shopify/kubeaudit/releases/download/v0.21.0/kubeaudit_0.21.0_linux_amd64.tar.gz
Connecting to github.com (192.30.255.112:443)
Connecting to objects.githubusercontent.com (185.199.110.133:443)
tsaving to 'kubeaudit_0.21.0_linux_amd64.tar.gz'
kubeaudit_0.21.0_lin 100% |*****************************************************************************************************************************************************************| 9604k  0:00:00 ETA
'kubeaudit_0.21.0_linux_amd64.tar.gz' saved
/tmp # tar -xvf kubeaudit_0.21.0_linux_amd64.tar.gz 
README.md
kubeaudit
/tmp # ./kubeaudit version
0.21.0

@ZhongRuoyu

> is that a problem for brew?

Sort of, and I assume that it's likely the same for many other downstream packagers.

Often, we build a new version of a package when we see a new tag come out. And it confuses us when the tag is pulled, modified, and republished later, because we'll see the change in the source artifact's checksum. In those cases we'll have to confirm with upstream maintainers to see if that's intentional. There can be good cases, where the retagging was just a consequence of an oversight; but there can also be bad ones, where the source repository gets compromised somehow. And we'll need to wipe out the chance of the latter.

Also, as mentioned in Git's documentation, re-tagging is an "insane thing" that's strongly discouraged, because tags are meant to be final once they are published. A recommended way would be, as you and also the docs have mentioned, to publish a new version (i.e. tag) instead. (Or if you're just unsure if CI works -- it would be nice to have some other ways to test it, like doing it in a fork.)

I see that the tag v0.22.0 was pulled and republished several times. So, with that said, could we get your confirmation that the tag v0.22.0 published on https://github.com/Shopify/kubeaudit/releases/tag/v0.22.0 (currently pointing to commit 538937d) is legitimate and final? (See also #569.)

Thanks! We appreciate all your great work maintaining the kubeaudit project. ❤️
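
A commit-level variant of the re-tag check described in the comment above, as an added example that is not part of the original thread and is not Homebrew's or kubeaudit's code: record the commit each tag resolves to at first build, then compare a later `git ls-remote --tags` listing against those pins. The listings and commit ids are constructed placeholders, and `tag_commits` and `check_pins` are hypothetical names.

```python
import re

# Constructed placeholder ids (not real kubeaudit commits).
OLD_COMMIT, NEW_COMMIT, OTHER = "a" * 40, "b" * 40, "c" * 40
TAG_OBJ_1, TAG_OBJ_2 = "d" * 40, "e" * 40

# Constructed `git ls-remote --tags <url>` output at first build: v0.22.0 is an
# annotated tag, so it has a tag-object line plus a peeled "^{}" commit line.
BEFORE = (
    f"{OTHER}\trefs/tags/v0.21.0\n"
    f"{TAG_OBJ_1}\trefs/tags/v0.22.0\n"
    f"{OLD_COMMIT}\trefs/tags/v0.22.0^{{}}\n"
)
# Constructed listing after the tag was deleted and republished on another commit.
AFTER = (
    f"{OTHER}\trefs/tags/v0.21.0\n"
    f"{TAG_OBJ_2}\trefs/tags/v0.22.0\n"
    f"{NEW_COMMIT}\trefs/tags/v0.22.0^{{}}\n"
)

LINE = re.compile(r"^([0-9a-f]{40,64})\trefs/tags/(.+?)(\^\{\})?$")


def tag_commits(ls_remote_output):
    """Map tag name -> commit id, preferring the peeled entry of annotated tags."""
    commits, peeled = {}, set()
    for line in ls_remote_output.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue
        sha, name, is_peeled = m.groups()
        if is_peeled:
            commits[name] = sha
            peeled.add(name)
        elif name not in peeled:
            commits[name] = sha
    return commits


def check_pins(pins, ls_remote_output):
    """Compare pinned tag -> commit entries with a fresh listing."""
    current = tag_commits(ls_remote_output)
    return {
        tag: "missing" if tag not in current
        else "ok" if current[tag] == pinned else "moved"
        for tag, pinned in pins.items()
    }


if __name__ == "__main__":
    pins = tag_commits(BEFORE)  # recorded when the package was first built
    print(check_pins(pins, AFTER))
```

Because the comparison uses the peeled commit, a tag that is re-created as a new tag object on the same commit still reports `ok`; only a change of the underlying commit reports `moved`.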

@chenrui333
Author

close via the recent releases
