Monday 29 May 2006 00:51 skrev Hemmann, Volker Armin: > > The digest still changed so it would have to be a mirror that the devs > > who created the digests used.. > > what? > > I am talking about the problem, that mirrors might corrupt files and that > this is why making a new digest may not be a good idea. Also, it might be > possible, that someone hacked the file on the mirror. > > And what are you talking about? > > *confused*
Like I stated in my previous mail I installed this a couple of weeks ago with the older, smaller version of the tar file. At that time there was no digest verification error which means that the digest fitted that tar file. When I reinstalled yesterday (after the ebuild had been bumped to -r1) but with the name of the tar file unchanged I ran into a digest verification error because the digest had changed to fit the newer, bigger tar file with the same name. Since the name was unchanged I had to delete the file to have the newer version downloaded which fitted the new digest... Note that the ebuilds of 1.03 and 1.03-r1 are identical. You get exactly the same software no matter which one of them you install. But since the tar file has changed you do not get the same as 2 weeks ago when I originally installed 1.03. I have exactly run a diff on those tar files so I can't tell if the difference is important... Please read the previous mail I sent 75 minutes ago. I hope I am more clear now.. -- Bo Andresen
pgpyP9uqGeNV8.pgp
Description: PGP signature
