sbp opened a new issue, #419: URL: https://github.com/apache/tooling-trusted-releases/issues/419
In discussion with @alitheg, we think that SBOM tasks are running using the metadata of revision A but the file paths of revision B, then running after revision B is created and supposedly finalised by the revision manager, writing the SBOM to the supposedly immutable B and racing with the checks. All of this needs to be understood more clearly and fixed in such a way that this class of bug cannot occur again. At a minimum, we should set all revision directories to 555 as soon as they're created, and maybe think about making files 444, or possibly saving execution bits too. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
