[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: release checksum issue related to xdelta file, how to check .sig fil

From: Joe Wells
Subject: Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released)
Date: 31 Mar 2008 15:54:44 -0400

>>>>> "Joe" == Joe B Wells <jbw@macs.hw.ac.uk> writes:

  Joe> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
  Joe> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
  Joe> because it has been compressed differently.  (The contents are the same,
  Joe> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".)  This causes two
  Joe> problems:

  Joe> 1. The above checksum can not be used to verify the generated file.

I now realize this is the only real problem, and it is a small one.

  Joe>    (This
  Joe>    could be solved by also informing us of the MD5 checksum of the
  Joe>    ungzipped file, but problem #2 below indicates this is probably not
  Joe>    worth it.)

This would be an adequate solution.

  Joe> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be 
  Joe>    as the basis for the next release.  There are two different
  Joe>    emacs-22.2.tar.gz files, and the one generated by xdelta is different.
  Joe>    Presumably, the next xdelta patch will be generated using the standard
  Joe>    one, so one will not be able to use xdelta to upgrade two versions in 
  Joe>    row.

Except that the xdelta patch stores the checksum of the ungzipped data, so
it will work fine.

  Joe> I'm not sure what the solution to this is.  It is important that the
  Joe> .tar.gz file generated by xdelta is the same as the .tar.gz file
  Joe> distributed by FTP, or there will be problems.

I now think this is not an issue, except that it will cause confusion
because the checksum of the .gz file will not match.

Sorry for raising a larger alarm than the problem deserves.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]