I think Cargo.lock contains those checksums and that forces cargo to verify them? Can you check that verification happens and fails when it should by e.g. patching it to have bogus checksums?
Alex On Thu, 19 Jan 2023 at 08:15, Alex Kiernan <alex.kier...@gmail.com> wrote: > > Unless I'm missing something, I just realised that we're not > validating downloaded crate checksums when we fetch them with crate:// > - Surely we should be? > > -- > Alex Kiernan > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176126): https://lists.openembedded.org/g/openembedded-core/message/176126 Mute This Topic: https://lists.openembedded.org/mt/96373035/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
