Re: Testers needed for Tomcat security update
On Mon, Jan 30, 2012 at 07:25:34AM -0800, tony mancill wrote:
> On 01/30/2012 05:55 AM, Dominic Hargreaves wrote:
> > On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote:
> >> Moritz Mühlenhoff <jmm@inutil.org> schrieb:
> >>> Hi,
> >>> the changes needed to secure Tomcat against the recent hash collision
> >>> attack are large and intrusive. That's why we decided to update to
> >>> 6.0.35 in the upcoming stable update.
> >>>
> >>> No breakage is expected, but we need more "beta testers" before we
> >>> can release the update. The packages can be fetched from
> >>> http://people.debian.org/~tmancill/ (6.0.35-1+squeeze1)
> >>>
> >>> Please send negative/positive test feedback to jmm@debian.org
> >>
> >> We've received no feedback so far. In the absence of feedback, there
> >> won't be a DSA.
> >
> > I can try and get some testing of this done, but could you (or tmancill?)
> > provide signed checksums for those packages?
> >
> > Cheers,
> > Dominic.
>
> Hi Dominic,
>
> The .changes file [1] contains checksums and is signed with my GPG key,
> which is part of the Debian keyring. Do you need something different/in
> addition to this?
Ah, I was looking at the wrong changes file -
<http://people.debian.org/~tmancill/tomcat6_6.0.28-9+squeeze1_i386.changes>
- which isn't signed.
Sorry for the noise.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
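
The check discussed in this thread, as an added example that is not part of the original messages: it flags a .changes file that carries no clearsign armor (the mix-up described above) and compares downloaded files against its Checksums-Sha256 entries. The file name, package bytes and signature block are constructed placeholders; the armor check only detects a missing signature, so the signature itself still has to be verified with gpg against the Debian keyring.

```python
import hashlib

ARMOR = "-----BEGIN PGP SIGNED MESSAGE-----"

def parse_changes(text):
    """Return (is_clearsigned, {filename: (sha256, size)}) for a .changes file."""
    signed = text.lstrip().startswith(ARMOR)
    entries, in_field = {}, False
    for line in text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        elif in_field:
            break  # the next field or a blank line ends the checksum list
    return signed, entries

def verify(text, files):
    """files maps filename -> downloaded bytes. Returns a list of problems."""
    signed, entries = parse_changes(text)
    problems = []
    if not signed:
        problems.append("changes file is not clearsigned")
    for name, (digest, size) in entries.items():
        data = files.get(name)
        if data is None:
            problems.append(f"{name}: missing")
        elif len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            problems.append(f"{name}: checksum or size mismatch")
    return problems

# Constructed sample data: not the real Tomcat packages or a real signature.
NAME = "example_1.0_all.deb"
DEB = b"constructed package bytes"
UNSIGNED = ("Format: 1.8\nSource: example\nVersion: 1.0\n"
            "Checksums-Sha256:\n"
            f" {hashlib.sha256(DEB).hexdigest()} {len(DEB)} {NAME}\n")
SIGNED = (f"{ARMOR}\nHash: SHA256\n\n{UNSIGNED}\n"
          "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n"
          "-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    print(verify(SIGNED, {NAME: DEB}))
    print(verify(UNSIGNED, {NAME: DEB}))
```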