github-actions[bot] opened a new pull request, #64729:
URL: https://github.com/apache/airflow/pull/64729

   Verify rustup-init binary with SHA256 checksum instead of curl-pipe-sh
   
   Download the rustup-init binary directly and verify its SHA256 checksum
   before execution, instead of piping the shell installer script through sh.
   
   Pin rustup-init to version 1.29.0 with hardcoded SHA256 checksums for
   amd64 and arm64, matching the existing cosign verification pattern.
   This prevents a compromised server from serving a tampered binary with
   a matching checksum.
   (cherry picked from commit 1b2893300d8b6c3ae656b8e7d9a44138b663d633)
   
   Co-authored-by: Jarek Potiuk <[email protected]>

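The verify-before-execute pattern the commit message describes, as an added example that is not the code from the Airflow pull request. The function names are hypothetical, the two digests are labelled placeholders rather than the real rustup-init checksums, and `sha256sum` (GNU coreutils) is assumed to be available.

```shell
#!/bin/sh
# Added example: pin a digest per architecture and refuse to run a download
# whose SHA256 does not match it. Function names are hypothetical.
RUSTUP_VERSION="1.29.0"   # version named in the commit message
# Placeholders, NOT real digests: fill in from a trusted source at pin time.
PLACEHOLDER_SHA256_AMD64="<sha256-of-rustup-init-amd64>"
PLACEHOLDER_SHA256_ARM64="<sha256-of-rustup-init-arm64>"

# Map a machine architecture to its pinned digest; an unknown one is an error,
# so a new platform can never fall through to an unverified install.
pinned_sha256() {
    case "$1" in
        amd64|x86_64)  printf '%s\n' "${PLACEHOLDER_SHA256_AMD64}" ;;
        arm64|aarch64) printf '%s\n' "${PLACEHOLDER_SHA256_ARM64}" ;;
        *) echo "no pinned checksum for architecture: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the file exists and its SHA256 equals the expected digest.
# The function body is a subshell, so its variables stay local.
verify_sha256() (
    file="$1"
    expected="$2"
    [ -f "${file}" ] || { echo "missing file: ${file}" >&2; exit 1; }
    actual="$(sha256sum "${file}" | cut -d' ' -f1)"
    if [ -z "${actual}" ] || [ "${actual}" != "${expected}" ]; then
        echo "checksum mismatch for ${file}: got ${actual}" >&2
        exit 1
    fi
)

# Verify first; the file is made executable and run only after it verifies.
run_if_verified() (
    file="$1"
    expected="$2"
    shift 2
    verify_sha256 "${file}" "${expected}" || exit 1
    chmod +x "${file}" && "${file}" "$@"
)
```

Because the expected digest lives in the build script rather than next to the download, a mismatch stops the build before anything from the server is executed.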