Defect #33434
closedsha256 checksum for downloads on download page is wrong
0%
Description
The sha256 checksums on the download page are wrong:
File | Checksum | Website |
redmine-4.1.1.tar.gz |
05faafe764330f2d77b0aacddf9d8ddce579c3d26bb8e03a7d6e7ff461f1cdda | 0b67505431a362efa312981f75aae99aebc482f9c0eb5e8d67d39ce7af8d9075 |
redmine-4.1.1.zip | 8f8a5e8fd4cf70fbf2262469bd88d6e66c4cb2045aff40db49463356418a35cb | 3a6a7e01c20bc43ff43afab69c4f3513da041817cec5cd5f8a46122193bbe0ba |
redmine-4.0.7.tar.gz | 1e556ebaefc69d09da859c2a0f95c52d2d26cf973461218169e5e7be01694a76 | ce897a65ba525faf49ea03ad8c149c1492d33052e27315c6b37ade5408505d78 |
redmine-4.0.7.zip | d6a3f87a23a9d25a789d729238dafac5fb098ff88f9f240fbe2497ad8a535daa | 5f376360a88679a53a868edc273e031117f690b199c3d626e5c5692d829355e5 |
Is this just a fault or does it point to something worse?
Related issues
Updated by Mischa The Evil over 4 years ago
- Status changed from New to Confirmed
- Priority changed from Normal to High
I confirm that the given checksums are incorrect. This really should be looked at. I'll add some watchers too.
Updated by Mischa The Evil over 4 years ago
I've just finished a first inspection of the four packages.
I compared the contents against exports of the GitHub-mirror tags and found no substantive differences.
Also, the MD5-hashes of the packages are matching those given on Download (v.189).
I think there's nothing "worse" at hand here. It seems rather a mistake, somehow.
Updated by Jean-Philippe Lang over 4 years ago
- Status changed from Confirmed to Closed
- Resolution set to Fixed
I confirm that it was a mistake that I made when I introduced sha256 digests instead of md5.
They are fixed and that should be fine for the next release.
Thanks for pointing this out.
Updated by Go MAEDA over 4 years ago
- Has duplicate Defect #33267: unable to verify SHA256 sums for download releases 4.1.1 / 4.0.7 added