Jean Abou Samra schreef op di 28-06-2022 om 10:38 [+0200]:
> We had exactly the same problem at LilyPond, and this was the fix:
> 
> https://gitlab.com/lilypond/lilypond/-/blob/master/release/binaries/lib/dependencies.py#L721
> 

For security, shouldn't this check the hash of the downloaded tarballls
and patches?

Greetings,
Maxime.