You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@groovy.apache.org by alessio <al...@gmail.com> on 2020/04/09 21:31:23 UTC

Incorrect hash

Hello,

either the binaries have been compromised or an incorrect hash was published.

The hash published at
https://downloads.apache.org/groovy/2.4.19/distribution/apache-groovy-binary-2.4.19.zip.sha256
is

  b6a6a7819bd7e222756f9dba1d62d933f217d5e491f0e82ddddfde9df8222f54

whereas the actual hash of
https://dl.bintray.com/groovy/maven/apache-groovy-binary-2.4.19.zip is

  24517ee43881ee52ccd52996ac3d298f0eb000ac36d59d59c2e5ef0c3ef9eb88

Re: Incorrect hash

Posted by Paul King <pa...@asert.com.au>.

This looks like a glitch in our release process. The timestamps in the zip
(and sha256 file) on downloads.apache.org have changed but nothing else.
I'll see what I can do to correct this.
In the meantime you can use the checksum at:
https://dl.bintray.com/groovy/maven/apache-groovy-binary-2.4.19.zip.sha256

On Fri, Apr 10, 2020 at 7:31 AM alessio <al...@gmail.com> wrote:

> Hello,
>
> either the binaries have been compromised or an incorrect hash was
> published.
>
> The hash published at
>
> https://downloads.apache.org/groovy/2.4.19/distribution/apache-groovy-binary-2.4.19.zip.sha256
> is
>
>   b6a6a7819bd7e222756f9dba1d62d933f217d5e491f0e82ddddfde9df8222f54
>
> whereas the actual hash of
> https://dl.bintray.com/groovy/maven/apache-groovy-binary-2.4.19.zip is
>
>   24517ee43881ee52ccd52996ac3d298f0eb000ac36d59d59c2e5ef0c3ef9eb88
>