> On Jul 12, 2019, at 6:16 AM, Tobias Geerinckx-Rice wrote:
>
> Since release archives are signed that would imply some horrible things about their key management, so I doubt it very much. I guess we'll find out.
>
> I've gone ahead and pushed a fix since the signature checked out. I'm closing this bug for now...
>
> However, I'd be interested to know what the previous hash described. Do you still have that file around, Ivan?

My apologies, this was all partly my fault. I do have the old source lying around; diffing the two (attached) reveals that the changelog and one source file actually changed.

A bit more detailed context: The Rust project makes pre-release sources available for testing ahead of the formal release, and the process is meant to shake out any potential bugs. I tested with the prerelease build originally, and after the real release came out I updated the package URL to the formal release and immediately rebuilt successfully. I'm not 100% sure if maybe Guix reused the cached tarball I had from earlier, or whether the prerelease source was immediately upgraded to the formal release and fixed shortly after.

(I did try rebuilding right before pushing the change out which succeeded with no changes, which I'm guessing is because Guix did not redownload the tarball and why I didn't notice the hash mismatch).

—Ivan