Checksum change for rtmidi-6.0.0.tar.gz

[jcar87]

We recently published packages for rtmidi 6.0.0 in Conan Center built from rtmidi-6.0.0.tar.gz sources, which had a sha256 checksum of 3336248e8c1f054ea5e51a4449558490dca51edd324fcde0eea27df33b80a9ed.

It appears that the checksum of this file has now changed to 5960ccf64b42c23400720ccc880e2f205677ce9457f747ef758b598acd64db5b.

I'm inquiring to confirm if the contents of the file have changed, and what the changes are. For security reasons, we only update previously saved checksums once we discard any security issues.

Changes in contents of published source packages pose challenges:

• users expecting to build from source will get a checksum failure when downloading rtmidi-6.0.0.tar.gz
• if there are changes in source code, we are unable to reproduce builds from those sources
• we can update the checksum to the new one (once we confirm there wasn't any security breach), but this can mean that some users have binaries for 6.0.0 built from different sources than others

[garyscavone]

It had been brought to my attention that the version of tar that I used to create the 6.0.0 release distribution was including some file system attributes. I thus regenerated the distribution a few days later to avoid that. No changes to the code were made between the two.

[jcar87]

Thanks for confirming!