And other people avoid sites that may regenerate tarballs like GitHub, because GitHub changed the md5 sums in the past and it broke a lot of .info files.
On Sun, May 02, 2021 at 12:08:19PM -0400, B Watson wrote: > On 5/2/21, Slack Coder <[email protected]> wrote: > > > > From what I understand, the md5 hash is used to check whether file has > > been changed by the author and not for security purposes. Therefore > > shouldn't the official source be used when its available? > > What happens a lot of the time: the original download link becomes > unreachable for some reason. So someone (the script maintainer, or > an SBo admin) finds a working link and updates the .info file. Then > later on, the original link starts working again, but nobody changes > the .info file back. This happens because of the "If it ain't broke, > don't fix it" principle. > > Ideally, the script maintainer would check the official site when he > does a version update. This doesn't always happen: sometimes he just > edits the URL and changes the version number. So long as the new URL > works, nobody's going to notice or care that it's not the official > download site. > _______________________________________________ > SlackBuilds-users mailing list > [email protected] > https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users > Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/ > FAQ - https://slackbuilds.org/faq/ > _______________________________________________ SlackBuilds-users mailing list [email protected] https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/ FAQ - https://slackbuilds.org/faq/
