smplayer-dev / smtube

YouTube browser for SMPlayer.
http://www.smtube.org
GNU General Public License v2.0

Source tarball for 21.10.0 has been re-uploaded/changed #19

Closed dvzrv closed 2 years ago

dvzrv commented 2 years ago

Describe the bug

Hi! I package this project for Arch Linux. It appears you have altered the uploaded tarball for 21.10.0:

I have a tarball downloaded on 2021-10-27, which has the b2sum 78fa8e41261eed836edc42cd311f85b46ad81279b33d64ee17a8937e383fea5b87acc589da60be921569e2f6d9a7bdf8ce285515030425ffff86c081bb60a64a. The current tarball however has the checksum 87ea3d94e15f88f1d1e6c495e190e729fb60345336169c17aed9cd8955cc85bc6d802beaa1cd6f779e5586b336bba5c888e29e5a0b0202e6a011de77d89c30c3.

The diff of the contents of the tarballs is:

diff -ruN smtube-21.10.0 old/smtube-21.10.0
diff -ruN smtube-21.10.0/src/svn_revision.h old/smtube-21.10.0/src/svn_revision.h
--- smtube-21.10.0/src/svn_revision.h   2021-10-25 16:01:14.000000000 +0200
+++ old/smtube-21.10.0/src/svn_revision.h       1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-#define SVN_REVISION "1112"
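Review bot: Note the argument order of the diff, current tarball first and the 2021-10-27 download second (`old/`): the `+++ old/smtube-21.10.0/src/svn_revision.h 1970-01-01` timestamp, the `@@ -1 +0,0 @@` hunk and the single `-#define SVN_REVISION "1112"` line mean the re-uploaded archive contains src/svn_revision.h while the original download did not have the file at all. That one added header is the entire difference between the two archives, which supports the report's point that the change is negligible in content but still invalidates every pinned checksum downstream.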

To Reproduce

Download a tarball for 21.10.0 on 2021-10-27, then download it now.

Expected behavior

The tarballs never change.

Screenshots

n/a

Your Environment

Additional context

Checksums are used by downstreams to ensure reproducibility for a given package and to guard against supply chain attacks. Arbitrarily changing an already released tarball is bad practice as it breaks reproducibility and has downstreams chasing upstreams to clarify the differences between two tarballs (in this case negligible). Please just release a new version if this happens in the future (e.g. that is what 21.10.1 would be used for), as the consequences for downstreams are not great at all.
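The pinned-checksum check and the tarball comparison described in the report, as an added Python example that is not part of smtube or of the issue: the two archives are constructed in memory (one with src/svn_revision.h, one without, mirroring the diff above), the pin uses BLAKE2b-512 like coreutils b2sum, and on a mismatch the script reports which members were added, removed or changed.

```python
import hashlib
import hmac
import io
import tarfile


def make_tarball(members: dict) -> bytes:
    """Build a deterministic, uncompressed tar archive from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in sorted(members.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = 0  # fixed timestamp keeps the archive reproducible
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data: the original download lacks src/svn_revision.h,
# the re-uploaded archive adds it (the only change shown in the issue's diff).
COMMON = {"smtube-21.10.0/src/main.cpp": b"int main() { return 0; }\n"}
OLD_TARBALL = make_tarball(COMMON)
NEW_TARBALL = make_tarball(
    {**COMMON, "smtube-21.10.0/src/svn_revision.h": b'#define SVN_REVISION "1112"\n'}
)


def b2sum(data: bytes) -> str:
    """Hex BLAKE2b-512 digest, the same algorithm coreutils b2sum prints."""
    return hashlib.blake2b(data).hexdigest()


def verify_pinned(data: bytes, pinned_b2sum: str) -> bool:
    """The check a downstream package recipe runs before it builds anything."""
    return hmac.compare_digest(b2sum(data), pinned_b2sum)


def member_digests(data: bytes) -> dict:
    """Map each regular file in the archive to the digest of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            if member.isfile():
                digests[member.name] = b2sum(tar.extractfile(member).read())
    return digests


def explain_mismatch(old: bytes, new: bytes) -> dict:
    """After a pin failure: which members differ between the two archives."""
    a, b = member_digests(old), member_digests(new)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }
```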

smplayer-dev commented 2 years ago

I don't remember exactly why I re-uploaded the package but I'll try to be more careful in the future.