Checksum of tarball /Volumes/Data/FinkBase/src/default-1.7.tar.bz2 of package mplayer-skin-default-1.7-1 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/GMT_share.tar.gz of package gmt-3.4.2-1 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/GMT_share.tar.gz of package gmt-3.4.2-3 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/povuni_s.tgz of package povray-3.1-6 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/zssh-1.4.tgz of package zssh-1.4-2 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/libf2c.zip of package f2c-20020123-4 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/f2c-src.tar of package f2c-20020123-4 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/f2c-readme.gz of package f2c-20020123-4 is incorrect.
Checksum of tarball /Volumes/Data/FinkBase/src/pccts133mr.zip of package pccts-1.33.mr33-1 is incorrect.
In all of these cases, except of zssh (and maybe pccts?), there is clearly no version encoded in the source file name. This at first might seem harmless, but it leads to problems if the upstream source over time replaces these files with newer versions. Sure, our MD5's will catch this problem, but we still should host our own copies of these files (with a new, versioned name) instead of relaying on the upstream source to keep consistent. In addition, if possible at all, try to prod the upstream source to provide tar balls for fixed releases in fixed positions.
Just imagine this typical situation: you make a package against a certain version of a tarball (e.g. f2c-20020123). Then later, the upstream source changes that tar ball. This causes two problems:
1) Fink will start complaining about bad MD5 (rightfully), forcing users either suffer or ignore the warning, thus defeating the purpose of our MD5 checksums
2) The build results might be different. E.g. the new source might not compile anymore, or cause files to be installed outside of /sw/src etc.
Hence, I'd like to urge the maintainers of these packages (and maintainers of other packages with similiar problems; obviously my "fink checksums" run can only catch a few of these) to take steps necessary to clean this mess. In particular, we can host copies of the source files at SF.net.
Max
------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
