[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: release checksum issue related to xdelta file, how to check .sig fil
From: |
Joe Wells |
Subject: |
Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) |
Date: |
31 Mar 2008 15:54:44 -0400 |
>>>>> "Joe" == Joe B Wells <jbw@macs.hw.ac.uk> writes:
Joe> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
Joe> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
Joe> because it has been compressed differently. (The contents are the same,
Joe> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".) This causes two
Joe> problems:
Joe> 1. The above checksum can not be used to verify the generated file.
I now realize this is the only real problem, and it is a small one.
Joe> (This
Joe> could be solved by also informing us of the MD5 checksum of the
Joe> ungzipped file, but problem #2 below indicates this is probably not
Joe> worth it.)
This would be an adequate solution.
Joe> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be
usable
Joe> as the basis for the next release. There are two different
Joe> emacs-22.2.tar.gz files, and the one generated by xdelta is different.
Joe> Presumably, the next xdelta patch will be generated using the standard
Joe> one, so one will not be able to use xdelta to upgrade two versions in
a
Joe> row.
Except that the xdelta patch stores the checksum of the ungzipped data, so
it will work fine.
Joe> I'm not sure what the solution to this is. It is important that the
Joe> .tar.gz file generated by xdelta is the same as the .tar.gz file
Joe> distributed by FTP, or there will be problems.
I now think this is not an issue, except that it will cause confusion
because the checksum of the .gz file will not match.
Sorry for raising a larger alarm than the problem deserves.
--
Joe