Created attachment 434326 [details] part of emerge log I've received a digest verification failure for chromium source package which was fetched from mirror.yandex.ru (the error is present on both http and ftp resources): !!! Fetched file: chromium-51.0.2704.36.tar.xz VERIFY FAILED! !!! Reason: Failed on SHA256 verification !!! Got: 8ad79c62b9561e5acbb132870dd6c3774b8ca29e08c25acee5f23322258d40f9 !!! Expected: 3573249343c4dc19b5d56c51a6986c4742ba7f62c0c60fea14e2ff146c92d753 A source tarball from the official url (https://commondatastorage.googleapis.com/chromium-browser-official/chromium-51.0.2704.36.tar.xz) passed the digest verification. And since the last goes over https, it gives little bit more confidence that the problem is on the mirror side. Given that mirror.yandex.ru operates on unprotected protocols (i.e. no https), I checked the problem presence from three different servers across city and the sha256 is the same (= bad). The related part of emerge log is attached. Could you investigate the problem?
Actually, when I tried to get diff between source trees, I got an archive corruption message for the "bad" tarball: xz: (stdin): Compressed data is corrupt So, the situation is less about security and more about (probably) a disk storage failure. But this is still a problem for the mirror.
Mirror verification failure confirmed here as well. Same sha256sum result. Yandex mirror not best mirror.
*** This bug has been marked as a duplicate of bug 581924 ***
