Dave Cramer <pg@fastcrypt.com> writes:
> Tom,
> I've fixed the tar file.
Um ... you just replaced the tar file with another one of the same name?
That's going to cause a lot of confusion.
[ downloads and takes a look... ] What's worse, the contents of the
tarballs aren't the same --- it looks like this is a slightly newer
snapshot than what was in the old tarball. Which means it doesn't
correspond to the sources that were used to build the published jar
files.
I think you've just converted a minor annoyance into a major disaster.
When I package a Red Hat or Fedora package, there are automated
cross-checks that verify that the tarball I provide matches bit-for-bit
what can be downloaded from the upstream URL I claim to have got it
from. I imagine other distros have similar checks. You just broke
that --- as of now, the package I finished making a few hours ago
will fail verification.
I think you should either go back to the previous tarball for now,
or repackage this as a "1002" build. It's too late to be changing
the published tarball for build 1001.
regards, tom lane
