* Brian Harring <ferri...@gmail.com> schrieb: > > hmm, I'm exclusively using bzip2 and never had these problems > > yet. maybe it depends on the compressor type. > > http://www.gentoo.org/proj/en/glep/glep-0025.html#the-problem-in-detail > > Note also that bzip2 had another change in output after that > release- my memory is failing me a bit, but it was roughly a > a reduction of their hash size to fix a CVE- either way, same thing, > differing output.
Okay, you've convinced me :) Meanwhile I've reworked my Briegel buildsystem [1] to support direct git checkouts (including a repo cache). Next step will be a mechanism to check tag signatures. cu -- ---------------------------------------------------------------------- Enrico Weigelt, metux IT service -- http://www.metux.de/ phone: +49 36207 519931 email: weig...@metux.de mobile: +49 151 27565287 icq: 210169427 skype: nekrad666 ---------------------------------------------------------------------- Embedded-Linux / Portierung / Opensource-QM / Verteilte Systeme ----------------------------------------------------------------------
