On Fri, Feb 28, 2020, 10:33 Randall Leeds <rand...@apache.org> wrote:
> Please verify that the build is from commit > b3d671796422e5583f4ee3cd8ad7bbaa90bc3ffc, tagged as v0.1.0-rc.1, by > checking out the source tree and running `make dist`, verifying that it > produces an identical tarball with the same checksums as the uploaded > artifacts. > This recommendation was slightly incorrect. It is news to me that "git archive" may generate different tarball metadata on different systems. As a result, the checksums may not match, but the contents of the tarball should be identical to source tree. Please use "diff -r" against a clean source and an unpacked artifact.
