version 1.6.1 identifies as 1.6.0

[darix]

rg 1.6.0 .
./canonicaljson.py
32:__version__ = "1.6.0"

./CHANGES.md

which leads to the dist-info directory also having the version number 1.6.0

[DMRobertson]

Looking at the commit message for 1cfbf74 it seems to have been a mistake on my part. I checked the version uploaded to PyPI and that has 1.6.1 in its metadata and in canonicaljson.py.

I suggest force-pushing the 1.6.1 tag forward to point at 1cfbf743a51fa0a8cf4eaff0645adaf5a70ee0f8. Does that sound reasonable @darix?

[darix]

no. do a clean 1.6.2 tag. version numbers are cheap and tagged versions should not be changed.

[DMRobertson]

That's fair (if blunt). https://github.com/matrix-org/python-canonicaljson/releases/tag/v1.6.2 is now tagged and also uploaded to PyPI.

[darix]

The long version:

Some distros might reference your github tarball in a build recipe and usually they put a checksum next to it to notice if something breaks. now if you change your tag, that tarball will change and then the distros will wonder "was your project hacked or not". That's why the usual recommendation is that tags are immutable.

p.s.: openSUSE package updated.