Hash mismatches from Github releases are a rare but recurrent problem. The issue is ...

2025-05-18 14:32:08

Hash mismatches from Github releases are a rare but recurrent problem.

The issue is that developers sometimes re-publish releases under the exact same version. Since we index based on version, in those cases we keep a stale sha256 hash in our self-signed events.

Github does not expose hashes anywhere in their releases API. I'll see if I can mitigate this with a timestamp check.

quoting
nevent1q…007u
There is a hash mismatch on mempal app, Zapstore (nprofile…tdq0) 🤟

Author Public Key

npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8

Seen on

wss://nostr.mom wss://relay.damus.io

Show more details

Zapstore on Nostr: Hash mismatches from Github releases are a rare but recurrent problem. The issue is ...