On 01/30/2012 05:55 AM, Dominic Hargreaves wrote: > On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote: >> Moritz Mühlenhoff <jmm@inutil.org> schrieb: >>> Hi, >>> the changes needed to secure Tomcat against the recent hash collision >>> attack are large and instrusive. That's why we decided to update to >>> 6.0.35 in the upcoming stable update. >>> >>> No breakage is expected, but we need more "beta testers" before we >>> can release the update. The packages can be fetched from >>> http://people.debian.org/~tmancill/ (6.0.35-1+squeeze1) >>> >>> Please send negative/positive test feedback to jmm@debian.org >> >> We've received no feedback so far. In the absence of feedback, there >> won't be a DSA. > > I can try and get some testing of this done, but could you (or tmancill?) > provide signed checksums for those packages? > > Cheers, > Dominic. Hi Dominic, The .changes file [1] contains checksums and is signed with my GPG key, which is part of the Debian keyring. Do you need something different/in addition to this? Thank you, tony [1] http://people.debian.org/~tmancill/tomcat6_6.0.35-1+squeeze1_amd64.changes
Attachment:
signature.asc
Description: OpenPGP digital signature