I also have to confess that I only focused on downloading file email-2.0.0.po that belongs to the project's git
master branch, (stupidely and non-professionnally) forgetting that author Roberta Bobbi Webber-Manners actually published other branches and tags for this piece of software...
Your answer therefore pushed me to further investigate on my side: for each tag and branch of the emailer project, I downloaded file emailer-2.0.0.po whenever it exists, then I run a crc32 command on the downloaded files, in order to find out whether (by chance) one or several of them may exhibit TOSEC-2021-12-21's referenced CRC value abfe2889.
Here are the results returned by the command :
fee094af emailler-v2.0.0_tag2.1.0.po
fee094af emailler-v2.0.0_tag2.1.1.po
fee094af emailler-v2.0.0_tag2.1.2.po
fee094af emailler-v2.0.0_tag2.1.3.po
fee094af emailler-v2.0.0_tag2.1.4.po
fee094af emailler-v2.0.0_tag2.1.5.po
fee094af emailler-v2.0.0_tag2.1.6.po
fee094af emailler-v2.0.0_tag2.1.7.po
fee094af emailler-v2.0.0_tag2.1.8.po
fee094af emailler-v2.0.0_tag2.1.9.po
fee094af emailler-v2.0.0_tag2.1.10.po
fee094af emailler-v2.0.0_tag2.1.11.po
fee094af emailler-v2.0.0_tag2.1.12.po
fee094af emailler-v2.0.0_tag2.1.13.po
fee094af emailler-v2.0.0_release-develop.po
fee094af emailler-v2.0.0_release-master.po
Conclusion 1: so far, unless I missed one or several published files, it seems that all the downloaded email-2.0.0.po files have the same fee094af CRC value, whatever the tag or release they originate from. It would therefore be very interesting to find out where your email-2.0.0.po file version comes from.
Conclusion 2: as you suggested, the initial file you downloaded may have been replaced by the version I downloaded later. Concerning this point, you can notice that author Roberta Bobbi Webber-Manners did not produce an email-2.0.0.po file in published tag "email-2.0.0". I mean: at today's date, this file does not show up in this tag. A possible explanation could be she published this tag with an existing email-2.0.0.po file (the one you downloaded with CRC value abfe2889), then for some (yet) unknown reason, she may have deleted this tag then published it again later, forgetting to include file email-2.0.0.po file; then she would have published file email-2.0.0.po in the next tag (email-2.1.0) with CRC value fee094af.
I am not 100% certain this explanation is THE explanation, but it could be one of those nightmare git-related scenarios that may have happened.
Besides these two conclusions above, I am attracting your atttention on the following point you've probably been deeply thking of before.... just giving my personal viewpoint on this : given the "odd" ways git repos are administered by some software authors, I am really wondering whether such ways are compatible with the TOSEC philosophy, i.e. given the number of temporary tags produced by dev teams (tens or hundreds), does it really make sense for TOSEC to collect all of these temporary tags, most of which are not even even considered by the authors for production purpose? For example, in the case of of the emailer software project, does it make sense to include release 2.0.0 in TOSEC whereas this file only shows up later in published tag 2.1.0?
As far as I am concerned as a software developer and as a git casual practicioner, I tend to create public tags only for temporary dev or test purpose, naming them using nicknames and/or dates, whereas once a tag is "stable" for prod, I then create a branch and name it using the usual release naming conventions (1.2.0, 2.2.3, etc.). IMHO, only such branches should be realistically considered to be included in TOSEC's database. Otherwise, the risk for TOSEC with such ongoing software projects like project emailer is that on the medium/long term TOSEC may become a overcroweded Git annex that references every temporary tags of such projects.... Would it make sense?? Is it really TOSEC's purpose to behave as a SCMS ?
Hope this investigation and my rhetoric questions above will help your own investigations of this "weird" case
Btw, I forgot to tell you something I really wanted to tell TOSEC's hardworkers since all those years I've been following this project: thanks for your great work !
Kind regards,
Chown