This is a very good reason for all those who go directly to "updating" the digest after a couple of failed downloads to think again the next time. That is unless you like root exploits and such like was discovered in the kernel recently.
For those that are interested, it turns out that kde.org was at fault and the listed digest was in fact incorrect.
Yes, u a right, it can be dangerous. I just answered the question, but do not upgrade yet. I'll wait minimum until the problem is explained/solved. The same strategy I recommend to everybody.
Anyway I thing if gentoo root server is exploited, then it can't be a problem for attacker to replace both source and digest. To prevent such behavior probably some another digital signature from developer authority is needed let it be immediately recognized by all of us.
noro
-- [EMAIL PROTECTED] mailing list
