On Mon, Jan 30, 2012 at 07:25:34AM -0800, tony mancill wrote:
> On 01/30/2012 05:55 AM, Dominic Hargreaves wrote:
> > On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote:
> >> Moritz Mühlenhoff <j...@inutil.org> wrote:
> >>> Hi,
> >>> the changes needed to secure Tomcat against the recent hash collision
> >>> attack are large and intrusive. That's why we decided to update to
> >>> 6.0.35 in the upcoming stable update.
> >>>
> >>> No breakage is expected, but we need more "beta testers" before we
> >>> can release the update. The packages can be fetched from
> >>> http://people.debian.org/~tmancill/ (6.0.35-1+squeeze1)
> >>>
> >>> Please send negative/positive test feedback to j...@debian.org
> >>
> >> We've received no feedback so far. In the absence of feedback, there
> >> won't be a DSA.
> >
> > I can try and get some testing of this done, but could you (or tmancill?)
> > provide signed checksums for those packages?
> >
> > Cheers,
> > Dominic.
>
> Hi Dominic,
>
> The .changes file [1] contains checksums and is signed with my GPG key,
> which is part of the Debian keyring. Do you need something different/in
> addition to this?

Ah, I was looking at the wrong changes file -
<http://people.debian.org/~tmancill/tomcat6_6.0.28-9+squeeze1_i386.changes> -
which isn't signed. Sorry for the noise.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Archive: http://lists.debian.org/20120130152749.gp4...@urchin.earth.li
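
The check discussed in this thread, as an added example that is not part of the original messages: it reads the `Checksums-Sha256` field only from the clearsigned part of a `.changes` file, refuses an unsigned file, and compares the downloaded packages against it. It assumes the signature itself was already verified, for example with `gpgv --keyring /usr/share/keyrings/debian-keyring.gpg <file>.changes` (path as shipped by the `debian-keyring` package); the function names and the sample file are constructed for illustration.

```python
import hashlib, tempfile
from pathlib import Path

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def signed_body(text):
    """Clearsigned payload, or None if unsigned. The wrapper alone proves nothing: run gpgv first."""
    if not text.startswith(BEGIN_MSG) or BEGIN_SIG not in text:
        return None
    rest = text.partition("\n\n")[2]        # armor headers ("Hash: ...") end at the first blank line
    return rest.split(BEGIN_SIG, 1)[0]      # anything after the signature block is not signed

def sha256_entries(body):
    """Parse the Checksums-Sha256 field into {filename: (hex_digest, size)}."""
    entries, in_field = {}, False
    for line in body.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        elif in_field:
            break                            # the next field begins, the list is over
    return entries

def check_files(changes_text, directory):
    """Compare every file listed in the signed payload with the copy in `directory`."""
    body = signed_body(changes_text)
    if body is None:
        raise ValueError("unsigned .changes file: its checksums authenticate nothing")
    results = {}
    for name, (digest, size) in sha256_entries(body).items():
        path = Path(directory) / Path(name).name   # never follow a path component from the file
        data = path.read_bytes() if path.is_file() else None
        good = data is not None and len(data) == size and hashlib.sha256(data).hexdigest() == digest
        results[name] = "missing" if data is None else ("ok" if good else "MISMATCH")
    return results

def make_sample(directory, name="example_1.0_all.deb", payload=b"constructed package bytes"):
    """Constructed sample: writes a fake package and returns a .changes text with a placeholder signature."""
    (Path(directory) / name).write_bytes(payload)
    entry = " %s %d %s" % (hashlib.sha256(payload).hexdigest(), len(payload), name)
    return "\n".join([BEGIN_MSG, "Hash: SHA256", "", "Format: 1.8", "Checksums-Sha256:", entry,
                      "Files:", " (omitted)", BEGIN_SIG, "", "(placeholder)", "-----END PGP SIGNATURE-----", ""])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(check_files(make_sample(d), d))
```

The placeholder signature in the sample would not pass `gpgv`; the sample exists only to exercise the parsing and comparison.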