Closed Bug 1483637 Opened 7 years ago Closed 7 years ago

Mismatching tarball and signature in latest-mozilla-central{-l10n}

Categories

(Release Engineering :: Release Automation, defect)

Product:
Release Engineering
Component:
Release Automation
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1396337

People

(Reporter: bruno.n.pagani, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Build ID: 20100101 Steps to reproduce: Download those two files: https://download-installer.cdn.mozilla.net/pub/firefox/nightly/latest-mozilla-central/firefox-63.0a1.en-US.linux-x86_64.tar.bz2 https://download-installer.cdn.mozilla.net/pub/firefox/nightly/latest-mozilla-central/firefox-63.0a1.en-US.linux-x86_64.tar.bz2.asc Then, verify the signature: `gpg --verify firefox-63.0a1.en-US.linux-x86_64.tar.bz2.asc` Actual results: It happens from time to time that the signature doesn’t match the tarball, because of caching. This is sort of a follow-up https://bugzilla.mozilla.org/show_bug.cgi?id=1336732. Because of the 1 h caching of those files, an old version of one of these two might be cached while the other one switched to the next build. Expected results: Cache should be invalidated when a new build is pushed. This would even allow to set longer caching periods (like back to 24 h), since you would now control the cache expiration manually anyway.
Component: Operations: Product Delivery → Release Automation: Uploading
Product: Cloud Services → Release Engineering
QA Contact: oremj → mtabara
Version: Trunk → unspecified
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Component: Release Automation: Uploading → Release Automation
You need to log in before you can comment on or make changes to this bug.