[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Testers needed for Tomcat security update

On Mon, Jan 30, 2012 at 07:25:34AM -0800, tony mancill wrote:
> On 01/30/2012 05:55 AM, Dominic Hargreaves wrote:
> > On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote:
> >> Moritz Mühlenhoff <jmm@inutil.org> schrieb:
> >>> Hi,
> >>> the changes needed to secure Tomcat against the recent hash collision
> >>> attack are large and instrusive. That's why we decided to update to
> >>> 6.0.35 in the upcoming stable update.
> >>>
> >>> No breakage is expected, but we need more "beta testers" before we 
> >>> can release the update. The packages can be fetched from 
> >>> http://people.debian.org/~tmancill/ (6.0.35-1+squeeze1)
> >>>
> >>> Please send negative/positive test feedback to jmm@debian.org
> >>
> >> We've received no feedback so far. In the absence of feedback, there
> >> won't be a DSA.
> > 
> > I can try and get some testing of this done, but could you (or tmancill?)
> > provide signed checksums for those packages?
> > 
> > Cheers,
> > Dominic.
> 
> Hi Dominic,
> 
> The .changes file [1] contains checksums and is signed with my GPG key,
> which is part of the Debian keyring.  Do you need something different/in
> addition to this?

Ah, I was looking at the wrong changes file - 
<http://people.debian.org/~tmancill/tomcat6_6.0.28-9+squeeze1_i386.changes>
- which isn't signed.

Sorry for the noise.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Reply to: