New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1.0.17 was touched on download.libsodium.org #813
Comments
|
Precompiled libraries are from the Visual Studio 2019 is now supported, so new Windows precompiled libraries had to be made. |
|
Please reopen the issue.
Then upload them to libsodium-latest-stable-...$target.$archive. Why do you think it is OK to touch already released binaries? |
|
If you have suggestions for improvements, please maintain a respectful and gentle tone. It is entirely up to Frank Denis as the maintainer of this free and open source project to decide how and when to release binaries. |
|
@tancred take a look at https://semver.org/#spec-item-3
And pushing a binary with modifications under the same version is a violation of this rule. There is a divergence between what is released in https://github.com/jedisct1/libsodium/releases/tag/1.0.17 and what is uploaded as a "latest" 1.0.17. |
So, this project doesn't follow semver and its maintainer gave you a reason why. I don't think your question is unreasonable, but when you ask "Why do you think it is OK to ..." you imply that the creator and maintainer of this project somehow is not allowed to do what he pleases with it. You will have more success in your endevours if you ask nicely. |
|
Stop being a bully and let the maintainer answer my questions.
When I ask I ask. Don't put your words into my mouth. |
|
The recommended version to use is Pre-compiled packages are from the recommended version, although I don't always rebuild them as often as needed. Download should be verified using Minisign or GPG signatures. They are available for all the files available for download. The public keys can be found in the documentation: https://download.libsodium.org/doc/installation#stable-branch This includes the pre-compiled Windows libraries. |
|
Please note that there are never functional changes between a point release and
In this case, a new addition to the Sticking to point releases is perfectly fine. If a security issue had to be addressed, a new point release would be immediately made. But pre-compiled binaries are not stuck to point releases. The MSVC2019 issue perfectly illustrates why I sometimes need to take the time to update them. And to verify them, use signatures as documented. |
|
Hm.
Still it sounds like a patch in terms of semver.
Does it mean it is a unique situation or do we have to keep it in mind and assume the latest pre-built binaries can change time to time and take actions? |
|
Actually I don't mind to build libsodium from source from |
|
Binaries for |
|
Yes that's easy. How about a script for windows to build it from cmd autodetecting MSVS version? |
327: Update libsodium hashes due to jedisct1/libsodium#813 r=kpp a=kpp The binaries were updated, see jedisct1/libsodium#813 Co-authored-by: Roman Proskuryakov <humbug@deeptown.org>
327: Update libsodium hashes due to jedisct1/libsodium#813 r=Dylan-DPC a=kpp The binaries were updated, see jedisct1/libsodium#813 Co-authored-by: Roman Proskuryakov <humbug@deeptown.org>
|
It looks like it have happened again, is there anywhere where you give the reason for it? @jedisct1 |
Version 1.0.17 was released on January 7, 2019 however it was modified on 03-Apr-2019. Why?
Linked issue: https://github.com/sodiumoxide/sodiumoxide/issues/326
The text was updated successfully, but these errors were encountered: