On 15 January 2017 at 22:22, Ivan Kabaivanov
Hi,
first time poster here.
I've been compiling boost from source for about 8 years now. I download the packages from sourceforge.net (https://sourceforge.net/projects/boost/files/boost/1.63.0/).
Lately (last few releases) I notice a troubling trend -- the same package, say boost_1_63_0.tar.bz2 will have a different md5 hash if downloaded again a few weeks after being downloaded for the first time.
Case in point:
boost_1_63_0.tar.bz2, downloaded around Fri Dec 30 17:11:50 2016 +0200 (GMT+2) had md5 hash d17537e28aa2131fa192ce2870ce72a3. The very same file, dowloaded today (January 15, 2017) has a new md5 hash: 1c837ecd990bb022d07e7aab32b09847.
Checking the copy of that file on the web server: $ ls -l boost_1_63_0.tar.bz2 -rw-r--r--. 1 dnljms guests 81984414 Dec 26 18:35 boost_1_63_0.tar.bz2 $ md5sum boost_1_63_0.tar.bz2 1c837ecd990bb022d07e7aab32b09847 boost_1_63_0.tar.bz2 So your new download has the same md5 hash as a download from the time of release. I wonder if this is related to the email linked below? The dates match. http://lists.boost.org/Archives/boost/2016/12/232220.php Another possibility is that your old download is a snapshot. They have the same file names as releases, which is a bit confusing: https://sourceforge.net/projects/boost/files/boost/snapshots/master/ The diff you posted suggests it was a different documentation build (the changes are ids which are different for every build), rather than sourceforge modifying the file.