Hi, Something weird is going on with libevent source packages:
* Their gpg signatures check, they have always check. * I'm using MXE which also verifies a (sha1) checksum: + Version 2.0.22, downloaded about a week ago, had the checksum of what 2.0.21 has now... that shouldn't happen. + Version 2.0.21 currently has a different checksum to what it had originally, about a year ago... that also shouldn't happen. * Using those versions results in part of my app not working, the part that uses libevent to set up a http/RPC server... this proves that at least version 2.0.21 is not what it was originally (i.e. I've used it many times over the last year to build my app, and it worked fine). Any ideas? I haven't tried to find what the problem is, but from my point of view, it looks like a security break at your end, and a result that I cannot trust on my end (not only that it doesn't work, but I can't be sure is not doing something else). -- René Berber
smime.p7s
Description: S/MIME Cryptographic Signature
