https://bugzilla.redhat.com/show_bug.cgi?id=1359412 --- Comment #16 from David Kaspar [Dee'Kej] <dkaspar@xxxxxxxxxx> --- (In reply to Kamil Dudka from comment #15) > (In reply to David Kaspar [Dee'Kej] from comment #13) > > Okay, so for some reason the SHA256 hashes still don't match for the package > > I have downloaded and the package fedore-review has downloaded. > > > > However, doing manual check on both of these sources, I get the same result: > > 271ea0d473fbbbbc921db65cbc38e74e3bde42a095a38dbac0207e199dfda705 > > gawkextlib-1.0.2.tar.gz > > > > This looks like some issue of fedora-review package. > > It can be caused by the fact that the source URL points to a multi-level > redirection to the actual URL containing the data: > > $ curl -svo/dev/null > http://sourceforge.net/projects/gawkextlib/files/gawkextlib-1.0.2.tar.gz -L > 2>&1 | grep Location > < Location: > https://sourceforge.net/projects/gawkextlib/files/gawkextlib-1.0.2.tar.gz > < Location: > https://sourceforge.net/projects/gawkextlib/files/gawkextlib-1.0.2.tar.gz/ > download > < Location: > https://downloads.sourceforge.net/project/gawkextlib/gawkextlib-1.0.2.tar. > gz?r=&ts=1495634539&use_mirror=master > < Location: > https://master.dl.sourceforge.net/project/gawkextlib/gawkextlib-1.0.2.tar.gz Hmm, but still that should contain the same package, right? Looks like, according to Andrew, it was just outdated... :) > I am not sure if fedora-review follows these redirects while checking > hashes. Anyway, it is a good practice to use https:// source URL where > possible. Yes, I agree. We should make the use of https:// where possible. :) -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx