[Biopython] Community help needed to verify checksums for past releases

Tue Apr 26 08:29:41 UTC 2016

Hello all,

Good news: All the *.tar.gz files have been checked now.

However, help is still needed: Most of the *.exe files have not
been checked yet. Also most of the *.zip files, but those are
not as important.

--

Many thanks to Martin Mokrejs who had a lot of the recent
tar-balls, which has filled out most of the recent releases.

Martin and Andrey also suggested looking at the checksums
recorded by Ubuntu within their packaging .dsc files, although
unfortunately that does not seem to help - I think they must
recompress as .tar.xy before taking the checksums:
http://archive.ubuntu.com/ubuntu/pool/universe/p/python-biopython/

They also mentioned Gentoo, whose git repository covers our
Biopython 1.65 and 1.66 releases so far:

https://github.com/gentoo/gentoo/blob/master/sci-biology/biopython/Manifest

And their CVS which older checksums...

https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sci-biology/biopython/Manifest?view=log

Thanks to this I think I have now independently verified all the
Biopython *.tar.gz release files, and am currently trying to upload
them to GitHub at https://github.com/biopython/DIST

Peter

On Mon, Apr 25, 2016 at 11:01 PM, Peter Cock <p.j.a.cock at googlemail.com> wrote:
> Dear Biopython developers,
>
> Thank you to everyone who has helped with the website
> migration to GitHub - I think this has gone pretty well overall:
>
> https://biopython.org
>
> The good news is the new GitHub Pages website seems to
> be working nicely, and during this we've updated a lot of older
> content. While there is still lots to fine tune, for me this is the
> biggest remaining issue:
>
> *Providing all the past releases via GitHub Pages*
> https://github.com/biopython/biopython.github.io/issues/7
>
> The sudden Biopython website migration was forced by the old
> server failing after it was hacked to host spam advertising.
> I would like your help here with verifying the checksums of our
> past releases before putting them back online - just in case any
> of the files rescued from the old server were corrupted when it
> was hacked to host spam adverts. All the files checked so far
> are fine, so this is likely just me being paranoid.
>
> If anyone has old cached Biopython files under their Downloads
> folder etc, could you reply with their checksums please?
>
> Linux,
>
> shasum - a 256 ~/Downloads/biopython-*
> md5sum ~/Downloads/biopython-*
>
> Mac OS X,
>
> shasum - a 256 ~/Downloads/biopython-*
> md5 ~/Downloads/biopython-*
>
> (Checksum tools suggestions for Windows welcome)
>
> You can use the mailing list, GitHub issue, or email me directly:
> https://github.com/biopython/biopython.github.io/issues/7
>
> Don't worry about repeating checksums for files other people
> have reported, a little duplication here is a good thing ;)
>
> With hindsight it would have been good security practice to have
> included the checksums of our releases with the Biopython release
> announcements (and SHA256 would be better than MD5). We'll
> do that in future:
>
> https://github.com/biopython/biopython.github.io/issues/56
>
> Thank you,
>
> Peter
>
> (Speaking here as a Biopython developer. I am also the on
> the Open Bioinformatics Foundation board as the current
> secretary, and volunteer to do some of the lighter SysAdmin
> work on the OBF servers)