Stamatis, thanks for your work on this. Stamatis>The checksum hash that was communicated in the vote email was wrong Stamatis>given Stamatis>that the correct one was send along with the artifacts and people used this Stamatis>for the checks I assume there is no problem.
I'm inclined that we should vote with -1 (or wait for RM to send the updated checksum) when checksum in the mail does not match to the checksum of the archive. Well, it is OK, if release manager sends updates, however it should not be the case that actual checksum differs from the one that was suggested in the vote mail. Different checksums might mean there's MITM attempt, and it sounds wrong that we "kind of ignore it". Even though I agree the impact in this case was quite low (e.g. I've personally verified PGP signature and ensured it was SHA512 based), we would probably want to refrain from repeating that practice. I would like to follow https://reproducible-builds.org/ to simplify release validation. Vladimir
