mobile-shell / mosh

Mobile Shell
https://mosh.org

About release 1.4.0 #1237

Closed chenrui333 closed 1 year ago

chenrui333 commented 1 year ago

Did release 1.4.0 get re-tagged? Found the checksum mismatch when building the new bottle, raising this issue to double confirm. Thanks!

eminence commented 1 year ago

It didn't get re-tagged, but the source tarball on the github release page did get re-uploaded.

The version of the tarball that's available now (both on github and mosh.org) is the right version to use, with sha256:872e4b134e5df29c8933dff12350785054d2fd2839b5ae6b5587b14db1465ddd

It seems that some people downloaded the tarball from github before the official announcement (and re-upload), and this has caused some confusion. We're sorry about this.

chenrui333 commented 1 year ago

> It didn't get re-tagged, but the source tarball on the github release page did get re-uploaded.
>
> The version of the tarball that's available now (both on github and mosh.org) is the right version to use, with sha256:872e4b134e5df29c8933dff12350785054d2fd2839b5ae6b5587b14db1465ddd
>
> It seems that some people downloaded the tarball from github before the official announcement (and re-upload), and this has caused some confusion. We're sorry about this.

no worries, just to double confirm the release flow. Thanks!!

keithw commented 1 year ago

Historically, for every version, I've built the release tarball and put the SHA-256 hash of it in the PGP-signed release announcement (https://mosh.org/mosh-1.4.0-released.html). The release tarball itself is published on mosh.org and is mirrored elsewhere.

We now have a GitHub workflow that auto-builds release tarballs, and I expect soon we'll move to signing those (and just double-checking their output) instead of building locally, but I wanted to stay consistent with past practice for this release. The PGP-signed release announcement is the authoritative description of the release.
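
Added example, not part of the thread and not the mosh project's code: a packager-side check that accepts a downloaded tarball only if its SHA-256 appears in the signed announcement text. It assumes the announcement's PGP signature has already been verified separately and that the text carries the digest as a 64-character hex string; all function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Any 64-hex-digit token in the signed text is treated as a candidate digest.
HEX256 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def signed_digests(verified_text):
    """Collect SHA-256 values from text whose signature was already verified."""
    return {d.lower() for d in HEX256.findall(verified_text)}


def check_tarball(path, verified_text):
    """Return (ok, actual_digest); fail closed if the text holds no digest."""
    allowed = signed_digests(verified_text)
    if not allowed:
        raise ValueError("no SHA-256 digest found in signed text")
    actual = sha256_file(path)
    ok = any(hmac.compare_digest(actual, d) for d in allowed)
    return ok, actual


def demo():
    """Constructed case: an early upload and the announced tarball differ."""
    with tempfile.TemporaryDirectory() as d:
        official = Path(d, "official.tar.gz")
        official.write_bytes(b"constructed official tarball bytes")
        early = Path(d, "early.tar.gz")
        early.write_bytes(b"constructed pre-announcement tarball bytes")
        # Constructed stand-in for the verified announcement body.
        announcement = "Constructed announcement\nSHA-256: " + sha256_file(official)
        return (check_tarball(official, announcement)[0],
                check_tarball(early, announcement)[0])


if __name__ == "__main__":
    print(demo())
```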