[postgis-devel] [geos-devel] GEOS 3.4.0 is out
Devrim GÜNDÜZ
devrim at gunduz.org
Sun Aug 11 05:34:04 PDT 2013
Hi,
On Sun, 2013-08-11 at 08:19 -0400, Greg Troxel wrote:
>
> Please do not do that. Packaging systems really object to having two
> distfiles with the same name and different contents, because it is
> indistiguishable from an attack. To detect such issues, packaging
> systems store a hash with the name of the distfile, and check it on
> download.
>
> If you have to change the tarball once it has hit a download area,
> then
> please just bump to 3.4.1. There are an infinite number of version
> numbers available.
Seconded.
Regards,
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.gunduz.org Twitter: http://twitter.com/devrimgunduz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osgeo.org/pipermail/postgis-devel/attachments/20130811/cb31e59f/attachment.sig>
More information about the postgis-devel
mailing list