Search Criteria
Package Details: mod_auth_openidc 2.4.16.6-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/mod_auth_openidc.git (read-only, click to copy) |
---|---|
Package Base: | mod_auth_openidc |
Description: | OpenID Connect Relying Party implementation for Apache 2.x |
Upstream URL: | https://www.mod-auth-openidc.org |
Licenses: | Apache |
Submitter: | alzeih |
Maintainer: | alzeih (alerque) |
Last Packager: | alerque |
Votes: | 3 |
Popularity: | 0.001817 |
First Submitted: | 2020-08-20 10:54 (UTC) |
Last Updated: | 2024-12-09 12:29 (UTC) |
Dependencies (7)
- apr-util
- cjoseAUR
- curl (curl-quiche-gitAUR, curl-http3-ngtcp2AUR, curl-gitAUR, curl-c-aresAUR)
- openssl (openssl-gitAUR, openssl-staticAUR)
- pcre2 (pcre2-gitAUR)
- apache (apache-gitAUR) (make)
- jansson (jansson-gitAUR) (make)
Latest Comments
alerque commented on 2024-04-01 18:22 (UTC) (edited on 2024-04-01 18:31 (UTC) by alerque)
@alzeih Version 2.4.15.5 was released (how would I have generated checksums if it wasn't) but later pulled (I have no idea why). This project doesn't release tags that are not also releases, so the difference is immaterial. Sometimes projects forget to post releases even after they tag, and I find it's useful to get notified of that. That's minor though. Obviously with our current source use we're using generated sources, so monitoring just releases is fine.
The bigger issue is that you just reset checksums for a release without explaining why. This only happens when upstream re-tags an existing release. This should never be done anyway and if a project does it, the checksum should not be updated until it is reported upstream and why it was retagged and what changed is evaluated. The chances of a release artifact being changed to be malicious after release are exponentially higher than the initial post, and the checksums is specifically there to guard against that.DO NOT just update them without also posting research on why it happened. Arch's model is "trust on first use", not "just trust any changes that happen after that".
alzeih commented on 2024-03-15 23:23 (UTC)
@snack Thanks for reporting. Not sure why the hash was incorrect, but it should now be fixed.
@alerque I've also updated the
.nvchecker.toml
to use releases, not tags. 2.4.15.5 was a tag, not a release, so the link used in the package for 2.4.15.5-1 was broken. I've also added a.nvchecker.toml
to dependency cjose using releases, not tags.snack commented on 2024-03-15 08:17 (UTC)
The update to 2.4.15.6-1 fails the sha256sums check on my system (using yay):
snack commented on 2023-06-08 13:17 (UTC)
@alzeih The new version works, thank you.
alzeih commented on 2023-06-08 08:06 (UTC)
@snack the GitHub url has changed to to https://github.com/OpenIDC/mod_auth_openidc , and the download url has an extra "v".
Package has been bumped to 2.4.14.2-2 which should fix the 404.
snack commented on 2023-06-08 05:50 (UTC)
Updating to 2.4.14.2-1 with yay I get this error:
alerque commented on 2021-09-03 09:16 (UTC)
And now 2.4.9.4.
I'm going to file an orphan request so I can keep this more up to date, but I'd be happy to co-maintain it too if you're watching.
alerque commented on 2021-08-26 18:19 (UTC)
Since my last OOD flag 2.4.9.3 is also out. If you're interested in adding me as a co-maintainer I can help keep this up to date. I may eventually move it to [community] too if it gets another few votes.