On 6/5/20 5:02 PM, Joe Locash wrote:
On Jun 5, 2020 1:59 PM, "Bruce Dubbs via blfs-dev"
<[email protected]
<mailto:[email protected]>> wrote:
>
> Evidently upstream made a stealth update. The original file was
uploaded Nov 2016 and was correct at the time. The current file has a
date of Dec 2016 and is about 2 KB larger than the previous version.
Bruce,
I wouldn't put all blame on upstream. At some point the source
tarball change was detected and the book was updated with the new
md5sum. The mirrors should have been updated at that time also. I myself
should have caught this when I added it to my build scripts a couple
years ago.
I'm the one who puts the files into the master repository. I rely on a
script that depends on updated version numbers. I didn't make the
change because I missed the one line change that updated the md5sum and
the script couldn't pick it up.
When I do update, I validate the md5sum against the md5sum of the
downloaded file. This also checks that the URL is correct. At the time
the file was put in the repository, the old md5sum was correct.
Yes, I do blame upstream for this problem. Changing the tarball without
adjusting the version number is *very* poor practice. In this case,
what changed in the 2 KB that they changed?
I did a diff on the two tarballs and there were 58 files changed!
I would complain, but it was three years ago so it's taken care of now.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
