Before this, we were subscribing to our addresses in their bip32 order,
leaking this information to servers. While this leak seems mostly harmless,
it is trivial to fix.
If there is a collision between a branch name and a commit hash, git
will choose the branch, even if the full 40-hex-long commit hash is
given. GitHub disallows branches/tags with such a name but git itself
does not. By adding the `^{commit}` syntax sugar after a ref name,
we can tell git that we want the commit hash to be preferred,
and hence we don't need to trust GitHub (only git).
see https://security.stackexchange.com/questions/225411/
the one in apt refused to install certain package versions (that were pinned by hash!!)
and installed different versions instead... e.g.:
Collecting wheel==0.34.2 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112))
Downloading 521c6dc7feb90b06dc1d0b805b51ae/wheel-0.34.2.tar.gz (58kB)
100% |████████████████████████████████| 61kB 3.8MB/s
Requested wheel==0.34.2 from 521c6dc7feb90b06dc1d0b805b51ae/wheel-0.34.2.tar.gz#sha256=8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112)), but installing version 0.30.0
...\electrum\electrum\gui\qt\qrcodewidget.py:88: DeprecationWarning: an integer is required (got type float). Implicit conversion to integers using __int__ is deprecated, and may be removed in a future version of Python.
qp.drawRect(left+c*boxsize, top+r*boxsize, boxsize - 1, boxsize - 1)
SomberNight
ThomasV
Jin Eguchi