Hi,
It will be appreciated if all the checksums of future releases are
signed with a up-to-date version of GPG. There are currently some files,
including all of the Fedora 11 releases that are signed with a
out-of-date version of Gnupg 1.4.5 from 2006, instead of the latest
1.4.9. I don't know if any potential security issue is related to this
practice, but there is quite a large list of security problems between
1.4.5 and 1.4.9.
Some examples:
Gnupg 1.4.5
ftp://alviss.et.tudelft.nl/pub/fedora/linux/releases/10/Fedora/x86_64/iso/SHA1SUM
Gnupg 1.4.9
ftp://alviss.et.tudelft.nl/pub/fedora/linux/releases/10/Live/x86_64/SHA1SUM
Gnupg 1.4.5
ftp://alviss.et.tudelft.nl/pub/fedora/linux/releases/test/11-Beta/Live/x86_64/F11-Beta-x86_64-Live-KDE-CHECKSUM
Bram.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
