| 1 |
Sunday 28 May 2006 19:36 skrev Kristian Poul Herkild: |
| 2 |
> It's not GCC-related, and it's not exactly the first time we've had to |
| 3 |
> make our own digests ;) |
| 4 |
|
| 5 |
You should never make your own digest of a package that you have not altered |
| 6 |
(or downloaded to an overlay...) yourself. Proper procedure is: |
| 7 |
|
| 8 |
1. Make sure you've sync'ed recently |
| 9 |
2. If the file in question lives in distfiles delete it and let it download |
| 10 |
again. |
| 11 |
3. Perhaps find another mirror. |
| 12 |
4. File a bug report (if others haven't already done so). |
| 13 |
|
| 14 |
The digest verification is there to make sure that you get the same software |
| 15 |
that the devs intended you to get. By making your own digest you override |
| 16 |
this security measure. In this case the tar file changed without changing the |
| 17 |
name after you originally installed the package (or after it was downloaded |
| 18 |
to the mirror that you are using...). This change could be a bugfix. By |
| 19 |
making your own digest you don't get this bugfix... |
| 20 |
|
| 21 |
-- |
| 22 |
Bo Andresen |
Archives