-
Notifications
You must be signed in to change notification settings - Fork 469
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hash of v2.4.2 tarball has changed #638
Comments
Hmm forget that, I just had the same issue with https://github.com/microsoft/mimalloc where our checksum didn't matched. And just FYI, using the two above tarballs, I've just
So it looks like something changed on GitHub's gzip implementation. |
Hi, glad that this has a good explanation and good to see that ome one is actually comparing hashes :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When building
libsrtp
, we are usingsha512
to check tarball archive integrity.Today when rebuilding our project dependencies, the check failed.
These are the "old" hashes:
But today the hashes are:
It looks like lots of project are using those "old" hashes too:
From what I can see the v2.4.2 tag haven't been moved, and to me the tarballs provided here are generated by GitHub.
I've compared the original archive and the new one. The tarball file size is different, but according to
diff
andmeld
the content seems to be exactly the same.Do you know what could cause this ?
Did you changed something recently ? (like deleted then re-created the git tag?)
If that's helpful, the last time we build
libsrtp
the check succeed. It was on 2022-01-18.My guess would be that GitHub rolled out a change on tar/gzip handling, and if that's the case, they should expect a storm of
chore: update someproject tarball hash
commits 🙃For reference, here are the two tarballs:
v2.4.2.original.tar.gz
v2.4.2.current.tar.gz
The text was updated successfully, but these errors were encountered: