[FLSA-2004:1222] Updated tcpdump resolves security vulnerabilities (resend with correct paths)
Jesse Keating
jkeating at j2solutions.net
Sat Jan 31 20:36:38 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 31 January 2004 11:49, Todd wrote:
> I have a policy question. How many verifications are considered
> enough to push out an update? I'd almost finished verifying these
> packages on all three redhat releases when this came out. I'd checked
> the bugzilla entry regularly to make sure that there weren't already
> several gpg signed verifications. There was, and still is, only one
> that I can see. It seems to me that more than one should be required
> before pushing the update (not that I disagree with Christian's
> verification, I was about to add a similar entry to bugzilla).

Usually it's one per release. There were two un-signed verifies for 7.3,
so I took that as one verified (plus I did my own verification on 7.3).

> Clarification on what the policy is would be appreciated. It might
> save some time for folks working on verifying packages.
>
> > SHA1 sum Package Name
> > ----------------------------------------------------------------------
> >----- a10c0d99cd919f459a25fdb5562d6907667b33d3
> > 7.2/updates/SRPMS/tcpdump-3.6.3-17.7.2.4.legacy.src.rpm
> > e3777ee05d6b57a81fa08a96b64aa45a0758e42f
> > 7.2/updates/i386/tcpdump-3.6.3-17.7.2.4.legacy.i386.rpm
> > 795dd99495f288aacea6a8775e9aba8eb801e570
> > 7.2/updates/i386/libpcap-0.6.2-17.7.2.4.legacy.i386.rpm
> > 8e860cb231b7dd59345c2f82531d527ca78090b5
> > 7.2/updates/i386/arpwatch-2.1a11-17.7.2.4.legacy.i386.rpm
>
> There's a minor formatting problem with the SHA1 sums. They always
> wrap improperly. Can this be fixed? It not only looks messy, it
> makes for more work if someone actually wants to copy and paste this
> data into a file so they can check the sums. I don't know how many
> people do this, I use the gpg sigs instead, but someone must -- else
> they're just wasting space and can be removed entirely.

Can't. Email client forces lines to be wrapped, either when sent or when
received. In the future, when these have a web based counterpart, they'll
be unwrapped.

- --
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
Mondo DevTeam (www.mondorescue.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAHBHW4v2HLvE71NURAqF3AKCvDpKkY1cPDxqjMU9tQmKt1U3HcgCgp+ql
Shn84VaopSc+LDEX+IK/Crk=
=usze
-----END PGP SIGNATURE-----