[FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)

Jesse Keating jkeating at j2solutions.net
Sat Jan 31 20:36:38 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 31 January 2004 11:49, Todd wrote:
> I have a policy question.  How many verifications are considered
> enough to push out an update?  I'd almost finished verifying these
> packages on all three redhat releases when this came out.  I'd checked
> the bugzilla entry regularly to make sure that there weren't already
> several gpg signed verifications.  There was, and still is, only one
> that I can see.  It seems to me that more than one should be required
> before pushing the update (not that I disagree with Christian's
> verification, I was about to add a similar entry to bugzilla).

Usually it's one per release.  There were two un-signed verifies for 7.3, 
so I took that as  one verified (plus I did my own verification on 7.3).

> Clarification on what the policy is would be appreciated.  It might
> save some time for folks working on verifying packages.
>
> > SHA1 sum                                 Package Name
> > ----------------------------------------------------------------------
> >----- a10c0d99cd919f459a25fdb5562d6907667b33d3
> > 7.2/updates/SRPMS/tcpdump-3.6.3-17.7.2.4.legacy.src.rpm
> > e3777ee05d6b57a81fa08a96b64aa45a0758e42f
> > 7.2/updates/i386/tcpdump-3.6.3-17.7.2.4.legacy.i386.rpm
> > 795dd99495f288aacea6a8775e9aba8eb801e570
> > 7.2/updates/i386/libpcap-0.6.2-17.7.2.4.legacy.i386.rpm
> > 8e860cb231b7dd59345c2f82531d527ca78090b5
> > 7.2/updates/i386/arpwatch-2.1a11-17.7.2.4.legacy.i386.rpm
>
> There's a minor formatting problem with the SHA1 sums.  They always
> wrap improperly.  Can this be fixed?  It not only looks messy, it
> makes for more work if someone actually wants to copy and paste this
> data into a file so they can check the sums.  I don't know how many
> people do this, I use the gpg sigs instead, but someone must -- else
> they're just wasting space and can be removed entirely.

Can't.  Email client forces lines to be wrapped, either when sent or when 
received.  In the future, when these have a web based counterpart, they'll 
be unwrapped.

- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
Mondo DevTeam		(www.mondorescue.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAHBHW4v2HLvE71NURAqF3AKCvDpKkY1cPDxqjMU9tQmKt1U3HcgCgp+ql
Shn84VaopSc+LDEX+IK/Crk=
=usze
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list