Project

General

Profile

Actions

Defect #33434

closed

sha256 checksum for downloads on download page is wrong

Added by Uwe Koloska over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
High
Category:
Website (redmine.org)
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

The sha256 checksums on the download page are wrong:

File Checksum Website
redmine-4.1.1.tar.gz 05faafe764330f2d77b0aacddf9d8ddce579c3d26bb8e03a7d6e7ff461f1cdda 0b67505431a362efa312981f75aae99aebc482f9c0eb5e8d67d39ce7af8d9075
redmine-4.1.1.zip 8f8a5e8fd4cf70fbf2262469bd88d6e66c4cb2045aff40db49463356418a35cb 3a6a7e01c20bc43ff43afab69c4f3513da041817cec5cd5f8a46122193bbe0ba
redmine-4.0.7.tar.gz 1e556ebaefc69d09da859c2a0f95c52d2d26cf973461218169e5e7be01694a76 ce897a65ba525faf49ea03ad8c149c1492d33052e27315c6b37ade5408505d78
redmine-4.0.7.zip d6a3f87a23a9d25a789d729238dafac5fb098ff88f9f240fbe2497ad8a535daa 5f376360a88679a53a868edc273e031117f690b199c3d626e5c5692d829355e5

Is this just a fault or does it point to something worse?


Related issues

Has duplicate Redmine - Defect #33267: unable to verify SHA256 sums for download releases 4.1.1 / 4.0.7ClosedJean-Philippe Lang

Actions
Actions #1

Updated by Mischa The Evil over 4 years ago

  • Status changed from New to Confirmed
  • Priority changed from Normal to High

I confirm that the given checksums are incorrect. This really should be looked at. I'll add some watchers too.

Actions #2

Updated by Mischa The Evil over 4 years ago

I've just finished a first inspection of the four packages.
I compared the contents against exports of the GitHub-mirror tags and found no substantive differences.
Also, the MD5-hashes of the packages are matching those given on Download (v.189).

I think there's nothing "worse" at hand here. It seems rather a mistake, somehow.

Actions #3

Updated by Jean-Philippe Lang over 4 years ago

  • Status changed from Confirmed to Closed
  • Resolution set to Fixed

I confirm that it was a mistake that I made when I introduced sha256 digests instead of md5.
They are fixed and that should be fine for the next release.
Thanks for pointing this out.

Actions #4

Updated by Go MAEDA over 4 years ago

  • Has duplicate Defect #33267: unable to verify SHA256 sums for download releases 4.1.1 / 4.0.7 added
Actions

Also available in: Atom PDF