Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Today, an issue was raised in one project I use, because their build system rejected an invalid sha256sum while downloading a dependency from a GitHub zip file.
The offending dependency is usrsctp (https://github.com/sctplab/usrsctp) at commit 9d6b99b:
https://github.com/sctplab/usrsctp/archive/9d6b99b10a70f7a63d21cd80d03c353da9ac19d3.zip
This file's sha256sum has always been
d9b7b3350ea0be2a3d1437e404d4852df741c4984b734729c5edc337ff4b7611
GitHub archives are known to be unstable. Packages in the Nix package manager calculates the hash for the unpacked contents of GitHub archives for this precise reason.
https://github.com/NixOS/nixpkgs/issues/32997