installer icon indicating copy to clipboard operation
installer copied to clipboard
verified publisher icon adoptium

please increase version information on releasing new debian packages

Open harridu opened this issue 3 years ago • 6 comments

Apparently the Debian packages for Temurin 7, 11 and 17 have been changed a few days ago without increasing the version information (both package file name and internal version number visible in apt-cache). This leads to problems with reproducibility. Binaries that ought to be identical have different MD5SUMs. It makes Temurin literally unusable for any software escrow service.

harridu avatar May 20 '22 13:05 harridu

@gdams - I think you had a work around for this? (permanent fix in next release cycle)

karianna avatar May 20 '22 13:05 karianna

No

harridu avatar Jun 15 '22 06:06 harridu

@gdams Can you confirm what the permanent fix for this will be going forward so we can ensure it is documented in the release guide please?

sxa avatar Aug 01 '22 09:08 sxa

Closing as we have a permanent fix now. The bot will no longer be able to forcefully overwrite existing packages

gdams avatar Oct 20 '22 16:10 gdams

I'm going to re-open this as @steelhead31 found that he was able to overwrite some files during the January release cycle so it looks like there are cases where they can be overwritten.

(Scott, can you confirm whether that was an overwrite performed as the bot user ID or by something you were doing manually?)

sxa avatar Feb 09 '23 14:02 sxa

it shouldn't be possible with the token we use

gdams avatar Feb 09 '23 14:02 gdams