Adam Quandour <adam.quandour@gmail.com> writes:

> Actual hash of this package is not the same as the specified one.
> ---
>  gnu/packages/tls.scm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
> index 1a1ce0d..4f862ff 100644
> --- a/gnu/packages/tls.scm
> +++ b/gnu/packages/tls.scm
> @@ -212,7 +212,7 @@ (define-public gnutls
>                (patches (search-patches "gnutls-skip-trust-store-test.patch"))
>                (sha256
>                 (base32
> -                "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))
> +                "0kayjxy3rr2y08jjimz5f0dx92pq3xjiaj2pdnsn15h1rp2k21pa"))))

When I download the release from the official website[0], via the gnupg
ftp[1], I do get the file with the old hash[2].

I am not sure what is going on here, but the discrepancy should be
investigated and documented in the commit message.  Just adjusting the
hash is probably not the best choice.

I would assume the upstream[0] should be the authoritative source for
the hash, not the mirror.

0: https://gnutls.org/download.html
1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/
2: 0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp

>      (build-system gnu-build-system)
>      (arguments
>       (list #:tests? (not (or (%current-target-system)

Have a nice day,
Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.