libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tomaz Muraus (JIRA)" <>
Subject [jira] [Commented] (LIBCLOUD-460) checksum mismatch of ".tar.gz" tarball for version 0.13.2
Date Thu, 12 Dec 2013 15:30:08 GMT


Tomaz Muraus commented on LIBCLOUD-460:

I have uploaded a pristine archive to PyPi and the file check sums match now.

I have no idea how original issue came about, but to prevent similar issues from happening
again in the future, I wrote a little bash script which downloads the release artifacts from
the Apache and PyPi server and compares the file check sums (

I will work on automating the running of this script, but for now I will make running it manually
a mandatory part of the release process.

> checksum mismatch of ".tar.gz" tarball for version 0.13.2 
> ----------------------------------------------------------
>                 Key: LIBCLOUD-460
>                 URL:
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Website
>    Affects Versions: 0.13.2
>         Environment: Building with Macports
>            Reporter: Peter Danecek
>              Labels: newbie, security
>   Original Estimate: 10m
>  Remaining Estimate: 10m
> I am trying to packages libcloud, and intended to use both sources of the package, ie. and PyPI. However, it seems that there is some mismatch with the .tar.gz. tarball
is indeed different. The published checksums are different and indeed the corresponding packages
have the respective checksum.
> However, I thing this should not really happen, at least as long the same name/version
is used. 

This message was sent by Atlassian JIRA

View raw message