[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: release checksum issue related to xdelta file, how to check .sig fil
Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released)
31 Mar 2008 15:54:44 -0400
>>>>> "Joe" == Joe B Wells <address@hidden> writes:
Joe> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
Joe> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
Joe> because it has been compressed differently. (The contents are the same,
Joe> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".) This causes two
Joe> 1. The above checksum can not be used to verify the generated file.
I now realize this is the only real problem, and it is a small one.
Joe> could be solved by also informing us of the MD5 checksum of the
Joe> ungzipped file, but problem #2 below indicates this is probably not
Joe> worth it.)
This would be an adequate solution.
Joe> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be
Joe> as the basis for the next release. There are two different
Joe> emacs-22.2.tar.gz files, and the one generated by xdelta is different.
Joe> Presumably, the next xdelta patch will be generated using the standard
Joe> one, so one will not be able to use xdelta to upgrade two versions in
Except that the xdelta patch stores the checksum of the ungzipped data, so
it will work fine.
Joe> I'm not sure what the solution to this is. It is important that the
Joe> .tar.gz file generated by xdelta is the same as the .tar.gz file
Joe> distributed by FTP, or there will be problems.
I now think this is not an issue, except that it will cause confusion
because the checksum of the .gz file will not match.
Sorry for raising a larger alarm than the problem deserves.