This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

gcc-3.3.1.tar.bz2 file on ftp://gcc.gnu.org/ tainted?


Hi,

I just downloaded gcc-3.3.1.tar.bz2 from both ftp://gcc.gnu.org/ and
a mirror site, and found the md5sum to differ from what is written in
the md5sums file:

This is what is inside the md5sums file (on both locations):

4015ef36f7aca44780e2e2042bde21ed gcc-3.3.1.tar.bz2

And this is what md5sum told me when running it locally on either
downloaded file:

1135a104e9fa36fdf7c663598fab5c40 gcc-3.3.1.tar.bz2

I downloaded the .gz version, too, and there the md5sum matched.
I unpacked both the .bz2 and the .gz versions (no errors), and
did a "diff -r --brief" on the directories, and found no differences.

So can I assume the md5sums file is just wrong, or do I have to fear
the archives were tainted and whoever did it was just too sloppy to
change all the sums?

Things would be so much easier if you just signed the files using
gpg or alike...

Regards,

Peter Niemayer




Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]