On 01/15/2015 07:15 AM, centoslistmail@gmail.com wrote:
On Jan 14 10:37pm, Johnny Hughes wrote:
CentOS Errata and Bugfix Advisory 2015:0048
Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0048.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
I was surprised to find that these RPMs were modified and re-released with different sums yet identical version strings. Is this common practice?
No, not at all
There was what we thought was a huge problem with the packages, that ended up being this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1182337
http://lists.centos.org/pipermail/centos-announce/2015-January/020880.html
The reason they are different was that we rebuilt and resigned the packages in our troubleshooting of how it completely rendered yum and rpm unusable .. then we found the cause.
But, since we found that the issue was an upstream bug (ie, centos matches rhel and they have to fox the issue, or not fix it), we decided to re-release. However, I did not save the original signed packages, so I had to resign the first ones and release them. The only differences between the two package sets, if you were to compare them would be the signing data/time.
Sorry for the inconvenience.
Thanks, Johnny Hughes