Re: Time to replace MD5?

2007-06-15 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > Then they can wget the Release.gpg file, Release file, Packages file > and check each in turn. Their choice. Which is much more complicated than checking a given fingerprint (which is very usual for Advisories) Regards, Bernd

Re: Time to replace MD5?

2007-06-15 Thread Florian Weimer
* Steffen Schulz: > If for whatever reason people get untrustworthy, it would be nice to > know as soon as possible, no? Government, Money, .. Well, in this case, you're barking up the wrong tree. What you really want is some kind of audit trail, which might increase confidence in the integrity

Re: Time to replace MD5?

2007-06-15 Thread Florian Weimer
* Steffen Schulz: > On 070613 at 10:43, Florian Weimer wrote: >> > AND the fact that it needs to be a valid .deb archive, they are >> > probably more than strong enough. > > This is actually not much of a problem: > > http://www.cits.rub.de/MD5Collisions/ > > One example how to create two files wi

Re: kernel-image-2.6.8-4-386 (2.6.8-16sarge7)

2007-06-15 Thread dann frazier
On Fri, Jun 15, 2007 at 07:16:00PM +0200, Willi Mann wrote: > However, the advisory is still missing. Yes, so are 3 archs - we're working on it :) If you're curious, you can see the draft dsa text here: svn cat svn://svn.debian.org/svn/kernel-sec/dsa-texts/2.6.8-sarge7 -- dann frazier

Re: kernel-image-2.6.8-4-386 (2.6.8-16sarge7)

2007-06-15 Thread Willi Mann
> [EMAIL PROTECTED]:~$ wget -O - \ > http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz > \ > 2> /dev/null | gunzip | grep kernel-image-2.6-386 > Package: kernel-image-2.6-386 > Filename: > pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-386_101sarge2_i386

Re: kernel-image-2.6.8-4-386 (2.6.8-16sarge7)

2007-06-15 Thread dann frazier
On Fri, Jun 15, 2007 at 06:08:08PM +0200, Willi Mann wrote: > Hi! > > Since yesterday, a new kernel for sarge seems to be available. However, > the kernel-image meta package 101sarge2 was only available yesterday. > Today, it's no longer available. > > What has happened here? [EMAIL PROTECTED]:~

Re: kernel-image-2.6.8-4-386 (2.6.8-16sarge7)

2007-06-15 Thread Jim Popovitch
On Fri, 2007-06-15 at 18:08 +0200, Willi Mann wrote: > Hi! > > Since yesterday, a new kernel for sarge seems to be available. However, > the kernel-image meta package 101sarge2 was only available yesterday. > Today, it's no longer available. > > What has happened here? Something strange is certa

kernel-image-2.6.8-4-386 (2.6.8-16sarge7)

2007-06-15 Thread Willi Mann
Hi! Since yesterday, a new kernel for sarge seems to be available. However, the kernel-image meta package 101sarge2 was only available yesterday. Today, it's no longer available. What has happened here? Willi

Re: Packages being kept back after security notices

2007-06-15 Thread Dominic Hargreaves
On Thu, Jun 14, 2007 at 10:23:28PM +0100, Lesley wrote: > I hope someone can help. With no intervention from me I get the > following on an apt-get upgrade after an apt-get update > > The following packages have been kept back: > icedove openoffice.org openoffice.org-base openoffice.org-calc

Re: Time to replace MD5?

2007-06-15 Thread Goswin von Brederlow
Bernd Eckenfels <[EMAIL PROTECTED]> writes: > In article <[EMAIL PROTECTED]> you wrote: >> I don't understand why DSAs for etch include md5sums and manual upgrade >> instructions at all. Apt can verify the checksum and gpg signature and >> handle the upgrade after all, and probably more securely t