On Sun, Nov 26, 2017 at 11:15:41PM +0100, Ludovic Courtès wrote:
> Clément Lassieur <clement@lassieur.org> skribis:
> 
> > * gnu/packages/emacs.scm (emacs-org-contrib)[source]: Fix sha256 checksum.
> > ---
> >  gnu/packages/emacs.scm | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
> > index acd6ec30a..7e16c8b4b 100644
> > --- a/gnu/packages/emacs.scm
> > +++ b/gnu/packages/emacs.scm
> > @@ -4230,7 +4230,7 @@ reproducible research.")
> >                                    (package-version emacs-org) ".tar"))
> >                (sha256
> >                 (base32
> > -                "0xy2xrndlhs4kyvh6mmv24dnh3fn5p63d2gaimnrypf1p8znwzh4"))))
> > +                "071vqv6hdyjp85ap39930782ks07ypjzch81r8kax3ybwfrf0chx"))))
> 
> Was the SHA256 simply erroneous, or was the file modified in-place
> upstream?
> 
> It’s a good idea to investigate a bit in such cases IMO.

I assumed this was a case where a package FOO inherits another package
BAR's version, and BAR was updated, leaving FOO with a broken source.

Otherwise, yes, all hash mismatches should be investigated and reported
upstream.