Re: Packaging of 9.2-1001 source tarball

Dave Cramer <pg@fastcrypt.com> writes:
> Tom,
> I've fixed the tar file.

Um ... you just replaced the tar file with another one of the same name?
That's going to cause a lot of confusion.

[ downloads and takes a look... ]  What's worse, the contents of the
tarballs aren't the same --- it looks like this is a slightly newer
snapshot than what was in the old tarball.  Which means it doesn't
correspond to the sources that were used to build the published jar
files.

I think you've just converted a minor annoyance into a major disaster.
When I package a Red Hat or Fedora package, there are automated
cross-checks that verify that the tarball I provide matches bit-for-bit
what can be downloaded from the upstream URL I claim to have got it
from.  I imagine other distros have similar checks.  You just broke
that --- as of now, the package I finished making a few hours ago
will fail verification.

I think you should either go back to the previous tarball for now,
or repackage this as a "1002" build.  It's too late to be changing
the published tarball for build 1001.

            regards, tom lane