Hi!

Commit ea5d388257664d703df23cf3eb0da7b6546d6c42 updates gzip to 1.7.
Its specified SHA256 is:

  1as1ddq58spflzz5kxm0ni0xfpswrkkrncjpxyb3aw77gizcacgv

However, when downloading right now, I get a different hash:

--8<---------------cut here---------------start------------->8---
$ guix download mirror://gnu/gzip/gzip-1.7.tar.gz

Starting download of /tmp/guix-file.EtGdvV
From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz...
following redirection to `http://mirror1.babylon.network/gnu/gzip/gzip-1.7.tar.gz'...
 gzip-1.7.tar.gz  1.1MiB            740KiB/s 00:02 [####################] 100.0%
/gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
010rjpxh2vg3qfzph9lx7a35gfs5imkg2mkri26620bqihbsmjzc
$ guix download mirror://gnu/gzip/gzip-1.7.tar.gz.sig

Starting download of /tmp/guix-file.jK41ds
From http://ftpmirror.gnu.org/gzip/gzip-1.7.tar.gz.sig...
following redirection to `http://mirror.ibcp.fr/pub/gnu/gzip/gzip-1.7.tar.gz.sig'...
 gzip-1.7.tar.gz.sig  801B          2.1MiB/s 00:00 [####################] 100.0%
/gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig
03j0bcydran7fas42sm1lxf09qcjwp4c2y9rzp42zj088mx6s32b
$ gpg --verify /gnu/store/r511bm51719l80j1xijflmyfyd3691pd-gzip-1.7.tar.gz.sig /gnu/store/81229hs4j6yyk2hraka505rjp41b9nrs-gzip-1.7.tar.gz
gpg: Signature made Mon 28 Mar 2016 06:05:12 AM CEST using RSA key ID 000BEEEE
gpg: Good signature from "Jim Meyering <jim@meyering.net>" [full]
gpg:                 aka "Jim Meyering <meyering@gnu.org>" [full]
gpg:                 aka "Jim Meyering <meyering@fb.com>" [undefined]
--8<---------------cut here---------------end--------------->8---

Could you check if you have a copy of gzip-1.7.tar.gz with the hash
that’s in the repo (using ‘guix build -S gzip’ in ‘core-updates’) and if
so, send the diff?

(I’d like to know if it’s a mistake or if gzip-1.7.tar.gz has been
modified in place on ftp.gnu.org.)

Thanks in advance.  :-)

Ludo’.