This is the mail archive of the
mailing list for the GCC project.
gcc-3.3.1.tar.bz2 file on ftp://gcc.gnu.org/ tainted?
- From: Peter Niemayer <niemayer at isg dot de>
- To: gcc at gnu dot org
- Date: Mon, 11 Aug 2003 22:58:51 +0200
- Subject: gcc-3.3.1.tar.bz2 file on ftp://gcc.gnu.org/ tainted?
I just downloaded gcc-3.3.1.tar.bz2 from both ftp://gcc.gnu.org/ and
a mirror site, and found the md5sum to differ from what is written in
the md5sums file:
This is what is inside the md5sums file (on both locations):
And this is what md5sum told me when running it locally on either
I downloaded the .gz version, too, and there the md5sum matched.
I unpacked both the .bz2 and the .gz versions (no errors), and
did a "diff -r --brief" on the directories, and found no differences.
So can I assume the md5sums file is just wrong, or do I have to fear
the archives were tainted and whoever did it was just too sloppy to
change all the sums?
Things would be so much easier if you just signed the files using
gpg or alike...