From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6AD61139694 for ; Wed, 5 Jul 2017 19:48:26 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5322CE0BE0; Wed, 5 Jul 2017 19:48:19 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 05D80E0BB3 for ; Wed, 5 Jul 2017 19:48:18 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 65796341845; Wed, 5 Jul 2017 19:48:16 +0000 (UTC) Message-ID: <1499284092.1134.1.camel@gentoo.org> Subject: [gentoo-dev] Need GitHub snapshot hash verification failure samples From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev Date: Wed, 05 Jul 2017 21:48:12 +0200 Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-jFeebbmX5XRo59Cc8Xpf" X-Mailer: Evolution 3.22.6 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Archives-Salt: de337374-1ed8-47fa-acfc-d6dbb152f3b7 X-Archives-Hash: 26259da5cdf0eb2c0c0192736b84fdf8 --=-jFeebbmX5XRo59Cc8Xpf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, everyone. I've seen multiple bugs related to hash verification failures for GitHub snapshots lately. However, none of the maintainers have been so far able to provide me with a sample of the old and new snapshot for comparison, so we still have no clue what's happening exactly. if you see your package failing or get a report for it, then *please* save the original tarball before replacing it with the new one and send me both for comparison. Thank you. --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-jFeebbmX5XRo59Cc8Xpf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQKmBAABCgCQFiEEbbsHzE8NrQbqCv5BsHoa6u+0Rk4FAlldQnxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDZE QkIwN0NDNEYwREFEMDZFQTBBRkU0MUIwN0ExQUVBRUZCNDQ2NEUSHG1nb3JueUBn ZW50b28ub3JnAAoJELB6GurvtEZO/2UP/0mzi+ZKlVDO2SPEJtm6WJEBFnjYOPJp qJ7Ch8mzTFc+JZpwisWDKzXzOlLVN+4CZBjiM/Rklc1NpuJtPQlQorrg6nbVBri8 WtKSH78jHv/1AgVDk2hikbbRQBdIwndziC14xw/xuXVF3cai/9Qaaj05B7SwAY7M NBtZqjCpF0knJV78XRqjkrnKoNr5Gu3XZKm9d7PDCG4xbdKM9U2VacTloyldaJlZ H1sDAk76i1BotAWc2F8JvIiv3VvhzOUtsWB+c1NNIEo4f3DcFBRVDkfd/V8laMIg hmzmT3iHKtsopGlLFFg/opYgvgkuV5vqmFh5ofJVrs2QniXKtkwyY6V5gbtgb05n NOsdebLaXTvmW2VN1VuzypeZRYVc3I4KBqsIJFMHnLacgbeCchrqt/JeMOw2jhob 3cEB6oDb5A34fSdAjmz3YjG19QQnCehOJSX6HQF0TcHmdWigeumnPCWB5gxNv4X/ RkKh1OsOBR5GoxCE08wKrkv6sQqeWUouh/1hxO4IBZjuaM/HueLtLIz/uaiCS2xU VBWJwpscc9kZzc7lGY0EZAR11uAhDP8Gd2thS5aCirGfS7d/wKLFQJdpG2597KlR jgf6NvWr+1r8MuQnmO2oInIq6DAEps41J5LbFR7v6O9xd82AsaZoCXowVy6ggyHZ aBETOoL0N4WC =0Ugy -----END PGP SIGNATURE----- --=-jFeebbmX5XRo59Cc8Xpf--