Bugzilla – Bug 1219873
AUDIT-WHITELIST: libzypp-plugin-appdata: changes to script need updated whitelisting
Last modified: 2024-02-21 14:46:41 UTC
The appdata plugin for zypper needed be adjusted to be compatible to AppStream 1.0 and the updated data location. The code has thus been changes, which resulted in a different digest - requiring whitelisting again: [ 10s] libzypp-plugin-appdata.noarch: E: zypperplugin-file-digest-mismatch (Badness: 10000) /usr/lib/zypp/plugins/appdata/InstallAppdata expected sha256:ba77e8dab356d70dfe0f38a63c9cced0b81d47c8af36b41f88fa30597330ff43, has:fa505770dbaae9bfbc456dcf3064b437d2b5740c030fdd7d22d320526b12da40 [ 10s] A whitelisting related zypper plugin file changed in content. Packaging zypper [ 10s] plugins requires a review and whitelisting by the SUSE security team. If the [ 10s] package is intended for inclusion in any SUSE product please open a bug report [ 10s] to request review of the package by the security team. Please refer to [ 10s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 10s] more information. The package can already be found in GNOME:Next/libzypp-plugin-appdata The change that was merged can be easily reviewed at https://github.com/DimStar77/openSUSE-appstream/pull/4
I looked through the changes and this should be fine.
I will take care of the updated whitelisting
The whitelisting is in Factory now. Closing as fixed.