Sunday 28 May 2006 19:36 skrev Kristian Poul Herkild: > It's not GCC-related, and it's not exactly the first time we've had to > make our own digests ;)
You should never make your own digest of a package that you have not altered (or downloaded to an overlay...) yourself. Proper procedure is: 1. Make sure you've sync'ed recently 2. If the file in question lives in distfiles delete it and let it download again. 3. Perhaps find another mirror. 4. File a bug report (if others haven't already done so). The digest verification is there to make sure that you get the same software that the devs intended you to get. By making your own digest you override this security measure. In this case the tar file changed without changing the name after you originally installed the package (or after it was downloaded to the mirror that you are using...). This change could be a bugfix. By making your own digest you don't get this bugfix... -- Bo Andresen
pgp69ajSdZldL.pgp
Description: PGP signature
