On Sat, Nov 15, 2008 at 7:48 AM, leonel <[EMAIL PROTECTED]> wrote: > Ive downloaded the tar.gz from > http://www.djangoproject.com/download/1.0.1/tarball/ > > and the md5sum does not match the md5sum from: > http://media.djangoproject.com/pgp/Django-1.0.1-final.checksum.txt
OK, so here's what happened: 1. When I rolled the release last night, I did 'python manage.py sdist' to generate the package, then uploaded it to the djangoproject.com server. 2. I then made my fatal error, which was that I uploaded it to the Cheese Shop via 'python setup.py sdist upload'. 3. And then I did the checksums and placed the signed file on djangoproject.com. Astute readers will notice what I did not, namely that step 2 re-generated the package, resulting in a tarball whose constituent files and directories have slightly different creation times than the package from step 1. And as a result, the checksums of the package generated in step 2 are different from the checksums of the package generated in step 1 -- even though their unpacked contents are identical -- because 'tar' stores information about creation time in the resulting compressed file. So I've replaced the package on djangoproject.com with the copy generated in step 2 above, and we've verified that its contents and its checksums match exactly. Your friendly local release manager apologizes for the inconvenience, and will now go find someplace to hang his head in shame. -- "Bureaucrat Conrad, you are technically correct -- the best kind of correct." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---