Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Thierry
On Mon, Jan 12, 2015 at 04:47:55PM +0530, Nathann Cohen wrote: Hello Thierry! What about checking that there is nothing wrong without a hashsum? 1) Download the author's .tar.bz2 file 2) Use the sage-src script to generate the .tar.bz2 file yourself 3a) If the hashes match you are done

[sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Thierry
Hi, it is advised to distribute unmodified upstream tarballs as much as possible, so that the end-user should be able to check that the tarball shipped by Sage has the same hash as upstream's. However, when size can be reduced by a huge factor, integrity arguments become pretty weak and we

Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Nathann Cohen
Hello Thierry! What about checking that there is nothing wrong without a hashsum? 1) Download the author's .tar.bz2 file 2) Use the sage-src script to generate the .tar.bz2 file yourself 3a) If the hashes match you are done 3b) If they do not match, extract them both and compare their content

Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Volker Braun
Also compression programs sometimes improve (without changing the decompression routine), and/or their default parameters might be machine-dependent. On Monday, January 12, 2015 at 3:22:53 PM UTC+1, Thierry (sage-googlesucks@xxx) wrote: On Mon, Jan 12, 2015 at 04:47:55PM +0530, Nathann

Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread David Roe
I'm on OS X 10.9.2, Macbook Pro, tar --version returns bsdtar 2.8.3 - libarchive 2.8.3 For me, your last line resulted in: tar: Option --mtime=1970-01-01 01:00 is not supported David On Mon, Jan 12, 2015 at 5:59 AM, Thierry sage-googlesu...@lma.metelu.net wrote: Hi, it is advised to

Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Michael Orlitzky
On 01/12/2015 05:59 AM, Thierry wrote: In order to try such possibility on the next matplotlib update, could some people (especially someone using OSX) give me (with minimal info on their OS, arch, and tar --version) the result of: wget

Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Nils Bruin
On Monday, January 12, 2015 at 4:13:33 PM UTC-8, François wrote: I agree with you that it is not deterministic. What is really important is that the checksums and the tarball come from a source you trust and are in agreement. The checksum of the file itself is simply a way of

Re: [sage-devel] reducing upstream tarballs in a reproducible way

2015-01-12 Thread Francois Bissey
I agree with you that it is not deterministic. What is really important is that the checksums and the tarball come from a source you trust and are in agreement. It is a simple security measure and I am not sure there is value in making it deterministic. I have a feeling that if you want to do