Fun little #infosec potential #ioc … all of the published sha256s for #librdkafka no longer match the artifacts. Did they rewrite history given their release artifacts are git tags? Did GitHub change how tar.gz’s are made? Are they compromised? Who knows!

I opened an issue: https://github.com/confluentinc/librdkafka/issues/4167

#confluent #kafka