Subject: Re: [boost] What is http://downloads.sourceforge.net/boost/boost_1_63_0.tar.bz2 ?
From: Jonathan Wakely (jwakely.boost_at_[hidden])
Date: 2017-02-09 15:27:40
On 9 February 2017 at 14:21, Daniel James via Boost wrote:
> On 9 Feb 2017 11:54, "Jonathan Wakely via Boost" <boost_at_[hidden]>
> Checking the hash is a manual process that should be done by the
> maintainer, it can't cause updating the Fedora servers to fail (the
> infrastructure can't check the hash because it doesn't know what to
> compare it to). I screwed that up for the first cycle of rebuilds I
> did for Boost 1.63.0.
> If you want the download info in a machine readable format, let me know.
> For example, I wrote a little script to generate a csv file:
Thanks, but that's not necessary for my purposes.
http://www.boost.org/users/history/version_1_63_0.html has the info I
need (I have to look there anyway to see which new libraries there
are, and for any breaking changes to existing libs). The problem was
simply that I wasn't using the URL and hash on that page, because I
was mistakenly using the redirecting URL we had in the RPM spec file,
and I didn't check the hash until later.
I don't need help verifying the hash (that will always be at least a
semi-manual process, and if I forget to do it then I forget to do it).
And after wasting my own time so badly (and updating the URL in our
spec file) I'm unlikely to make this mistake again. I just think
having snapshots with the same filename is the release is bonkers, and
that's the only thing I'd suggest changing.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk