Invalid signature

It seems that depending on CDN, the download for can lead in the wrong file being downloaded.
The issue happens randomly (depending on CDN edge probably).
It can be seen there: [Bot] Update dependencies · pypa/manylinux@807782b · GitHub
The sha256 are recorded as well as HTTP response headers.

cc: @ambv

It seems to be working now. No idea why though.