Folks, you did it again. And it's a really really bad practice. What are versions for if you keep silently changing tarballs w/o version bump? There are distributions that rely on integrity checks, like MD5 sums, you are killing these checks if you do this. Reference downstream bugs: http://bugs.gentoo.org/show_bug.cgi?id=135715 http://bugs.gentoo.org/show_bug.cgi?id=127306 (and a bunch of others).
wow, speaking of bad practices, we have a bug reporter who: * files an incredibly non-specific bug, that you have to chase down a bunch of URLs for; * files it at CRITICAL severity; * generally acts like a prissy tool with his wildly non-specific bug. so, one of the bugs you referenced was from _january_. looking at the recent one: -r--r--r-- 1 ajax xorg 1.8M 2006-01-18 15:51 font-misc-misc-1.0.0.tar.bz2 -r--r--r-- 1 ajax xorg 2.5M 2006-01-18 15:51 font-misc-misc-1.0.0.tar.gz -r--r--r-- 1 ajax xorg 588K 2006-01-18 15:51 encodings-1.0.0.tar.bz2 -r--r--r-- 1 ajax xorg 676K 2006-01-18 15:51 encodings-1.0.0.tar.gz -r--r--r-- 1 ajax xorg 42K 2006-01-18 15:51 font-cursor-misc-1.0.0.tar.bz2 -r--r--r-- 1 ajax xorg 50K 2006-01-18 15:51 font-cursor-misc-1.0.0.tar.gz so, would you care to explain to me how exactly you are going to blame the 'changed md5sum' of a tarball last altered in january on upstream, and not the mirror network or so? or why you filed a critical bug going 'man you guys are crap' without bothering to check simple things like this? and we know that changing tarball contents silently is bad. which is why we don't do it. and post release announcements with both the md5sum and sha1sum of the tarball, gpg-signed. would be kind of pointless doing that if we changed the tarballs all the time. but hey, thanks for your random rant here, and all through gentoo's bugzilla. it was really productive.
Wow, LOL... We haven't been mirroring those tarballs for a while (note the RESTRICT="mirror" in the ebuilds, but you probably can't be bothered to chase anything so you didn't check) - exactly because of the reason this bug has been filed, so you might want to check your mirrors, ours are not at fault here. Thanks for the warm words, ktnxbye...
well, either I could install gentoo and find out, or you could just be more specific, and start including at least the names of the tarballs in the original bug report. i'm sure the former is more reasonable. i'm sure no-one needed actual urls that tarballs had been downloaded from, either. that would just be too easy. feel free to reopen this bug if you have actual useful information that you want to bring to the table, but bugzilla is not a forum for random uninformed whining.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.