Closed fxcoudert closed 4 years ago
beast-mcmc-1.10.4.tar.gz is the source tarball that is generated automatically by GitHub when a release is done. It is possible I edited the release page after the tagging and GitHub regenerated this tarball. But there is no way of anyone uploading the source tarball as far as I know, so I would assume it is fine. It also has no binary code in it, so it could be compared with the repo source code for that tag.
The source code for https://github.com/beast-dev/beast-mcmc/archive/v1.10.4.tar.gz had SHA256 checksum `e2f8a30e4f695bf0e58ac3e94778459a1db6cd0d476556d86c563e4b6a1181f7` when it was first released (as confirmed by Homebrew testing). But now the checksum for this same file is `6e28e2df680364867e088acd181877a5d6a1d664f70abc6eccc2ce3a34f3c54a`. Is this a "legitimate" re-release, or was the code modified for malicious purposes?
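The comparison suggested in the reply (tarball contents against the source for the tag) can be done per file, so that a regenerated archive with new timestamps or compression is told apart from one whose files changed. This is an added example, not part of the thread or the project; the function names are hypothetical and the three sample archives are constructed in memory.

```python
import hashlib
import io
import tarfile

def archive_sha256(blob: bytes) -> str:
    """Checksum of the compressed archive, as a package manager pins it."""
    return hashlib.sha256(blob).hexdigest()

def content_manifest(blob: bytes) -> dict:
    """Map member path (top-level directory stripped) to (executable?, content id)."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar:
            path = m.name.split("/", 1)[-1]
            if m.isfile():
                ident = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            elif m.issym() or m.islnk():
                ident = "link:" + m.linkname
            else:
                continue  # directories carry no content of their own
            manifest[path] = (bool(m.mode & 0o111), ident)
    return manifest

def diff_archives(old: bytes, new: bytes) -> dict:
    """Report files added, removed or changed, ignoring mtime and compression."""
    a, b = content_manifest(old), content_manifest(new)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "changed": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
    }

def make_tarball(files: dict, mtime: int, level: int) -> bytes:
    """Build a constructed sample archive (stand-in for a downloaded tarball)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz", compresslevel=level) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo("proj-1.0/" + name)
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples: same tree repacked, then one file altered.
SRC = {"build.xml": b"<project/>\n", "src/Main.java": b"class Main {}\n"}
ORIGINAL = make_tarball(SRC, mtime=1_540_000_000, level=9)
REGENERATED = make_tarball(SRC, mtime=1_600_000_000, level=6)
TAMPERED = make_tarball({**SRC, "src/Main.java": b"class Main { /* changed */ }\n"},
                        mtime=1_600_000_000, level=6)
```

An empty diff with differing archive checksums points to repackaging; any entry under `added`, `removed` or `changed` is a file to review against the tagged commit.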