<farkuhar>
beerman: libmad now has a signature mismatch. I think you generated the shasums using an older tarball (one that unpacks into $name-$version rather than $name).
<beerman>
but how would I have built it that way that i did with using $name-$version? 🤔
<farkuhar>
I dunno, maybe the tarball was already present on disk, so you didn't have to fetch from the newer url.
<farkuhar>
I think the older tarball was hosted on the non-resolving domain crux.ster.zone, but it's easy to see how you might have already had it saved locally.
<beerman>
but it didn't unpack to $name-$version before the change
<farkuhar>
actually the old source url failed 404 for a different reason: the project migrated away from github. Anyway, it's all fixed now.
<beerman>
¯\_(ツ)_/¯
<farkuhar>
semi-related to moving scummvm from opt to contrib ... we still have librsvg-compat in opt, but it hasn't received any backported bugfixes since 2020. Even with "Unmaintained" appearing prominently in the Pkgfile header, keeping librsvg-compat in opt might give users the impression that it's safe to install.
<beerman>
obvious "i would drop it"
<farkuhar>
the lack of any librsvg CVE reports since 2019 could be because there really aren't any exploits, or because the pre-rustified code stopped getting tested so extensively. Safer just to drop it, as beerman says.
<farkuhar>
or move librsvg-compat (and its dependency libcroco) to contrib, where users have been warned to be extra-suspicious of port quality (considering the garbage that idiots like me have been known to push there)