1 |
Sunday 28 May 2006 19:36 skrev Kristian Poul Herkild: |
2 |
> It's not GCC-related, and it's not exactly the first time we've had to |
3 |
> make our own digests ;) |
4 |
|
5 |
You should never make your own digest of a package that you have not altered |
6 |
(or downloaded to an overlay...) yourself. Proper procedure is: |
7 |
|
8 |
1. Make sure you've sync'ed recently |
9 |
2. If the file in question lives in distfiles delete it and let it download |
10 |
again. |
11 |
3. Perhaps find another mirror. |
12 |
4. File a bug report (if others haven't already done so). |
13 |
|
14 |
The digest verification is there to make sure that you get the same software |
15 |
that the devs intended you to get. By making your own digest you override |
16 |
this security measure. In this case the tar file changed without changing the |
17 |
name after you originally installed the package (or after it was downloaded |
18 |
to the mirror that you are using...). This change could be a bugfix. By |
19 |
making your own digest you don't get this bugfix... |
20 |
|
21 |
-- |
22 |
Bo Andresen |