On Wed, Jan 4, 2012 at 3:02 PM, Denys Dmytriyenko <[email protected]> wrote: > On Wed, Jan 04, 2012 at 12:53:25PM -0800, Khem Raj wrote: >> On Wed, Jan 4, 2012 at 12:14 PM, Chris Larson <[email protected]> wrote: >> > On Wed, Jan 4, 2012 at 11:14 AM, Denys Dmytriyenko <[email protected]> wrote: >> >> The main archive of BlueZ/obexd/hcidump releases on kernel.org[1] finally >> >> re-appeared after missing for long time since kernel.org compromise. >> >> Unfortunately, all previous tarballs have new checksums, breaking builds >> >> for >> >> anyone w/o previous copy cached. Old copies were also extensively >> >> mirrored, >> >> so you never know which one you fetch next time... >> > >> > Heh, checksums changing after a security compromise, that's worrisome >> > :) should diff their contents to see what's going on, or whether its >> > just a gzip timestamp change or something. >> >> exactly. Make sure the tars are sane > > Well, according to BlueZ maintainer[1], he gave the correct tarballs to > kernel.org people, but for some reason they untarred and re-packed them. > There's only 4 bytes difference, presumably timestamp...
/me thinks maintainers should tar -cvO | gzip -n if they're going to use gzip ;) But then, we see it from a rather different perspective than upstreams tend to.. -- Christopher Larson _______________________________________________ Openembedded-core mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
