logilab-common #115237 PyPI vs Logilab distfile checksum mismatch for logilab-common-0.58.3 [validation pending]

The checksums don't match between the PyPI hosted distfile and the distribution provided distfile; seems like a potential security issue (distfile modified after the fact) as the tarball unpacks on FreeBSD if I do make makesum with ports:

$ fetch -o - -q http://download.logilab.org/pub/common/logilab-common-0.58.3.tar.gz | sha256
ad8c9cafe1dbbd54753694733562f39d4bbcb8467308fb64f7803dfe30ea5e86
$ fetch -o - -q http://pypi.python.org/packages/source/l/logilab-common/logilab-common-0.58.3.tar.gz| sha256
dc4a11c5a50303ccd86cf8d04b30c7fbeaa831f83c0e7c46b164dd2329f87323
$ uname -or
FreeBSD 9.1-PRERELEASE

priorityimportant
typebug
done in0.63.1
load left0.000
closed by<not specified>

Workflow history

from state (2)to statecommentdateUser
donevalidation pending2014/11/28 16:16 UTCnarval
opendone

download.logilab.org now redirects to pypi for release tarballs

2014/11/28 12:43 UTCjcristau

Ticket #115237 - latest update on 2014/11/28, created on 2012/12/27 by yaneurabeya