URL: <https://savannah.nongnu.org/support/?111357>
Summary: Distribution tarballs changed in-place
Group: Savannah Administration
Submitter: ulm
Submitted: Sat 06 Dec 2025 09:42:57 AM CET
Category: Source code repositories - web browsing
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Unlocked
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Sat 06 Dec 2025 09:42:57 AM CET By: Ulrich Müller <ulm>
I noticed that the distribution tarballs for Emacs org-mode available at
https://cgit.git.savannah.gnu.org/cgit/emacs/org-mode.git/ for at least
releases 9.7.35, 9.7.36, 9.7.37 and 9.7.39 have been changed in-place, which
broke checksum verification for Gentoo.
See
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72226bd7bb86113fac338d586a30fec3808c0ebc
for the old and new checksums.
I've already asked org-mode upstream about this, but is doesn't seem to be a
problem on their side:
https://lists.gnu.org/archive/html/emacs-orgmode/2025-12/msg00062.html
Changing tarballs in-place is really bad, because for every failed checksum we
must manually verify the integrity of the package again.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/support/?111357>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
signature.asc
Description: PGP signature
