[ On Monday, May 27, 2002 at 08:40:50 (+0900), Shin'ichiro TAYA wrote: ]
> Subject: Re: problems with checksum of www/mozilla-1.0rc3
>
> From: woods@weird.com (Greg A. Woods)
> Subject: problems with checksum of www/mozilla-1.0rc3
> Date: Sun, 26 May 2002 15:42:04 -0400 (EDT)
> 
> > I tried building www/mozilla-1.0rc3 today.  Unfortunately it seems the
> > file on at least two of their FTP servers is different from the one
> > recorded in distinfo (and I've double-checked that my distinfo file is
> > up-to-date):
> 
> Maybe mozilla.org replaced source tarball *again*.

That's what I thought too, but perhaps something's more fishy than that.

I finally got a little bit smarter and looked in the parent directory of
the FTP site to find their MD5SUMS file, and the value given in there
doesn't match the calculated value for the source archive I fetched (at
least the bz2 version), but then again the timestamp on the MD5SUMS file
is a lot older than the timestamp on the file:

$ ll /most/distfiles/mozilla-source-1.0rc3*
173 58128 -rw-r--r--  1 woods  wheel  29729464 May 26 19:12 /most/distfiles/mozilla-source-1.0rc3.tar.bz2
$ grep mozilla-source-1.0rc3.tar.bz2 MD5SUMS
f30ac988ec8589285523315ebb8a7732  ./src/mozilla-source-1.0rc3.tar.bz2
$ md5 /most/distfiles/mozilla-source-1.0rc3*
MD5 (/most/distfiles/mozilla-source-1.0rc3.tar.bz2) = 6d247c3527b7c52bb4f29228614bbe88


> I'll regen the distinfo & commit soon.

I personally would rather the Mozilla folks verify the authenticity of
the tar files on the FTP mirrors and then update their own MD5SUMS file
before you simply re-calculate the SHA in the distinfo file and commit
an update....

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>