Subject: Re: [boost] What is http://downloads.sourceforge.net/boost/boost_1_63_0.tar.bz2 ?
From: Jonathan Wakely (jwakely.boost_at_[hidden])
Date: 2017-02-09 15:27:40
On 9 February 2017 at 14:21, Daniel James via Boost wrote:
> On 9 Feb 2017 11:54, "Jonathan Wakely via Boost" <boost_at_[hidden]>
> wrote:
>
>
> Checking the hash is a manual process that should be done by the
> maintainer, it can't cause updating the Fedora servers to fail (the
> infrastructure can't check the hash because it doesn't know what to
> compare it to). I screwed that up for the first cycle of rebuilds I
> did for Boost 1.63.0.
>
>
> If you want the download info in a machine readable format, let me know.
> For example, I wrote a little script to generate a csv file:
>
> http://beta.boost.org/doc/downloads.csv.php
Thanks, but that's not necessary for my purposes.
http://www.boost.org/users/history/version_1_63_0.html has the info I
need (I have to look there anyway to see which new libraries there
are, and for any breaking changes to existing libs). The problem was
simply that I wasn't using the URL and hash on that page, because I
was mistakenly using the redirecting URL we had in the RPM spec file,
and I didn't check the hash until later.
I don't need help verifying the hash (that will always be at least a
semi-manual process, and if I forget to do it then I forget to do it).
And after wasting my own time so badly (and updating the URL in our
spec file) I'm unlikely to make this mistake again. I just think
having snapshots with the same filename is the release is bonkers, and
that's the only thing I'd suggest changing.