Comments (6)
I do not understand enough to know what is requested. If someone can explain again, or take action, this would be great.
Package managers that can build from source (e.g., Homebrew, Spack, Portage...) save for each package release the hash of its source tarball. When building the software, the hash of the downloaded tarball is compared against the known hash and if it does not match, the build is immediately aborted for security reasons and an error message is shown to the user. To update the hash, the build error must be reported, the maintainers of the package manager will want to find out why the hash changed, and then they need to patch their own software if the hash changed for benign reasons.
Two suggested approaches for the future are...
- Do not re-release with the same version number.
- Do not silently re-release with the same version number and leave a note for package manager maintainers why the hash changed.
from lapack.
Hi @chenrui333. Yes it got retagged, and I just did it again, like a minute ago, we had an error in our "thanks". This is corrected now. Sorry about this. Thanks for checking. Julien.
from lapack.
no worries, thanks for confirming it, it would be nice to push a new version in either case. Thanks! :)
from lapack.
It might be a good idea to mention any such re-tagging on the Releases page if incrementing the version number is not desired. (And as I have learned, ideally download and re-upload the github-generated archives together with their checksums - sometimes github changes something in their toolchain that leads to re-generation of the automatically created archives with a new checksum). Some people, and especially the distribution packagers, use the archive checksum to ensure an official source package has not been tampered with - silent re-releases like this are likely to set off alarm bells somewhere.
from lapack.
I am not sure any longer that we are speaking about the same thing. I edited the release page, but I do not think any longer that this impacts the checksum. Yes, we might have changed the retagged / changed the checksum on Friday when we released. We realized that some documentation were not correctly updated. So I think we released and erased the release and released a second time. If something needs to happen, like releasing with a new version number (3.12.1), this is OK. I do not understand enough to know what is requested. If someone can explain again, or take action, this would be great.
from lapack.
Hi @christoph-conrads and @martin-frbg, thanks for explaining. We'll try to be better next time. Julien.
from lapack.
Related Issues (20)
- cmake: enable Fortran HOT 1
- [Request for comments] Properly solving the *TRTRS singularity detection problem HOT 2
- Inkscape and OpenShot throw error "undefined symbol: ssyrk_64_" from libcblas HOT 4
- Installing Lapack in Red Hat linux
- Failing tests for truncated QR routine in coverage build HOT 10
- Make all release tags annotated tags HOT 2
- Caller graph in html documentation is missing for some BLAS routines
- Issues, related to new feature DMD HOT 1
- Add zrot to LAPACKE HOT 1
- [v3.12.0] sblat1.f (SNRM2) test fail on i386 architectures HOT 5
- DBBCSD may compute insufficiently accurate singular vectors HOT 2
- Packages and build systems confusion: Separate or combined libraries?
- fails of tests for QR and LQ decompositions HOT 1
- LAPACK requires CMake 3.11 or newer HOT 1
- Documentation Error in {d/s}sytrf.f
- C/ZLARFGP must re-scale when ALPHA is not real HOT 1
- How to stand-alone build man pages? HOT 2
- LAPACKE in Doxygen documentation
- How to set linker type(with or without underscore as suffix) for BLAS complied by MinGW64? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lapack.