[ATrpms-users] checksum issues
Axel Thimm
Axel.Thimm at atrpms.net
Sun May 28 22:32:39 CEST 2006
On Sun, May 28, 2006 at 03:22:51PM -0500, hondaman wrote:
> Axel, thanks for what you do.
>
> Do you report stuff like this to RH or whoever is responsible? Do you
> pass along yum problems to the yum ppl? Or should we be doing that?
Sometimes I do, but if I'm the sole upstream reporting channel I
wouldn't be doing anything else :(
I also gave up communication with the yum developer. Last time I
forwarded a yum report I was told four letter words to shut up, and
since I've kept some distance.
So, yes, if you report stuff like these upstream I (and all others of
course) will be very grateful, thanks!
BTW I'll be recreating all checksums to fix the current issues, but
the next time someone at Red Hat changes the packages after they have
been released w/o changing version/release information it will happen
again. :/
> Axel Thimm wrote:
> > On Sun, May 28, 2006 at 10:09:58AM -0700, Brett Hollon wrote:
> >
> >> [Lots of previous discussion cut]
> >>
> >> Axel,
> >>
> >> If the checksums don't match, is it possible that repository has been
> >> hacked, and (some of) the packages are trojans?
> >>
> >
> > No, it is just sloppy packagers at Red Hat that silently resigned the
> > packages after having sent out the update announcements.
> >
> > But your concerns are justified and I hope s/o raises them at Red
> > Hat, too. Currently no updates/errata from a couple of weeks ago
> > matches with what the upstream repos really ship.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.atrpms.net/pipermail/atrpms-users/attachments/20060528/b968cbec/attachment.bin
More information about the atrpms-users
mailing list