> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Tim Orling
> Sent: den 9 december 2023 02:37
> To: openembedded-core@lists.openembedded.org
> Cc: Tim Orling
> Subject: [OE-core] [PATCH] recipetool: pypi: do not clobber SRC_URI ch
The pypi change:
"85a2a6f68af recipetool: create_buildsys_python: add pypi support"
deleted all the SRC_URI variables, including the SRC_URI checksums.
These are not generated by the pypi.bbclass (how could they be trusted?)
Without the checksum(s), we are vulnerable to a man-in-the-middle attack