Github tarball checksums changed
TheChymera opened this issue · comments
Recently the checksums of the github release tarballs (0.18.0
and 0.19.6
) changed. No idea why, and probably I'll just switch to distributing from PyPI and forget about this if it happens again, but I thought you should know:
diff --git a/dev-vcs/datalad/Manifest b/dev-vcs/datalad/Manifest
index 2cbe5a4db..942564afe 100644
--- a/dev-vcs/datalad/Manifest
+++ b/dev-vcs/datalad/Manifest
@@ -1,4 +1,4 @@
-DIST datalad-0.18.0.tar.gz 1425155 BLAKE2B 8d7cbf7f56b1de82c74fa823b2d4512112f1b4c4be106cac433c8db696b2e7f77da758c0bb62b7cb9fe0fbb08d49431dda2818d08d5c60b5052154895c335b33 SHA512 0df8276edc3872c73fee7286ea4e578648a6fb2a630fa49a4f8945e0d6ff88353d9b11d29d942c0ce22ed17a8223e71f99d8b519a6a8afbc2ac9e6da89d95ee5
+DIST datalad-0.18.0.tar.gz 1425143 BLAKE2B 5b99a69412b70c853b9e5c45d9aa2ddeca930a5b946dc7a88f5723c1b96f1cb41abac2a07b5276aa38a8b507b05e623b9023f36201ec8ebb3da4c7684f0e374e SHA512 b2568567a161af9ce992f867a73aa8b68e934ed6e7e6e1ea7ddacc664d7c6da850d1876e29f80fba450d97a4d66ff098cb7f9af45b2c7a6a165b0a02babf8b86
DIST datalad-0.18.1.tar.gz 1425820 BLAKE2B 574e864feb500062f829dfea3f9c8c51f9ad2e0e68e70966c2a5ea315fafffb259de9a0f57427c0aae1ee93c24ec9a3a91ef42637d109d912cf5b6c41ac07b11 SHA512 19f011428fe66d9f21410ae33276133f26cf2b1a367c23a83c56ab48a0e038837ba18163e12ab2d74eba7d0ec9ce2e660a21494ddba0da3a2df6da2c043c4aad
DIST datalad-0.18.3.tar.gz 1435282 BLAKE2B 8077c0a639920e914b30598ded435ad74564f3947a187f5d57752cd22e0d435838db9bdd797a6d8d8cc54282e1303f5ca5d673d3674da09c678a47f35e8ef3f6 SHA512 06f5a73caaacffb35f11852f69ee48c485ebd1cce55e1440eb8686d8614a29809b01de2d129a48591fd66c02a59af9dcd064b0e7ead698842cc7f79d12af729c
-DIST datalad-0.19.6.tar.gz 1429377 BLAKE2B 1f7e3f91e6d305b4a1e9e9bd8f649e32b4a87cddb98eea68f7e1920832562604c0d2477c47dbb22f05dc2bdaf7645c5d943fdefae53b1ec9e418fb240ec3b18d SHA512 546f17be597121f2508140919360200f261553df415b67c709961e293ba95fa6cec6b13e7b54fcfc18b602a479565331b0146fb196b57ade3e6bf697f1054e07
+DIST datalad-0.19.6.tar.gz 1420979 BLAKE2B 49d8e19449652f284f89f99e6696c6d1abf7ddcc58a8eb00004c657be38ce2532ed9c11855dca4a0a8f82c55fbf1633f53ff2bdea063fd18ad946145d27a3404 SHA512 db7cd807a8106727f0b6f587be8c0ce3abcf0dc7cf72b4757e6b44650adca05482e6b0a6c1719050fba37660dcd5de2a6f27df044a8db180ac6855ee7ff8cbda
Sadly I don't have the old archives any more so I don't know what changed. Going by the size of the archives probably some small file or re-compression. I just assumed release tarballs would never ever change unless you re-write the history.
https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/ is relevant
Upstream git (not github) has also been adamant that they don't guarantee the format of git archive, so it's not guaranteed to be reproducible.