
Bad gpg signatures on debian-security-announce



Lately I've been noticing a number of messages on the
debian-security-announce list with bad gpg signatures.  I compared
these messages to the same ones posted to the web archives and
discovered that they were not identical.  Interestingly, the messages
in the archives had GOOD signatures, while the ones being posted to
the list often do not.

The difference is in the section that looks like this in the emails
with the bad signatures:

Package: modutils
Problem type   : local buffer overflow
Debian-specific: no

Add some spaces to the Package line so that the ":" lines up with the
following lines:

Package        : modutils
Problem type   : local buffer overflow
Debian-specific: no

and gpg reports a good signature.

This problem isn't happening on every announcement, but enough that
it's getting annoying.  Good signatures are vital, particularly on
that list, so that readers can feel confident that the security
announcements are authentic.

Walt
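
Added example (not part of Walt's message or any Debian tooling): a small Python check that extracts the signed text from two copies of a clearsigned message and reports the lines that differ only in spaces or tabs, as the Package line above does. OpenPGP cleartext signatures ignore trailing whitespace but not whitespace inside a line; the function names and the sample message with its placeholder signature block are constructed for illustration.

```python
import difflib
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"

def signed_lines(message):
    """Return the cleartext lines the signature covers, ready to compare."""
    lines = message.splitlines()
    start = lines.index(BEGIN) + 1
    while lines[start].strip():          # skip armor headers ("Hash: ...")
        start += 1
    body = []
    for line in lines[start + 1:lines.index(SIG)]:
        if line.startswith("- "):        # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))  # trailing blanks are not hashed
    return body

def whitespace_only_changes(copy_a, copy_b):
    """Return (a, b) line pairs that differ only in spaces or tabs."""
    a, b = signed_lines(copy_a), signed_lines(copy_b)
    hits = []
    ops = difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes()
    for tag, i1, i2, j1, j2 in ops:
        if tag == "replace" and i2 - i1 == j2 - j1:
            for x, y in zip(a[i1:i2], b[j1:j2]):
                if re.sub(r"[ \t]+", "", x) == re.sub(r"[ \t]+", "", y):
                    hits.append((x, y))
    return hits

# Constructed sample: body lines are from the post, the armor is a placeholder.
TEMPLATE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

{package}
Problem type   : local buffer overflow
Debian-specific: no

-----BEGIN PGP SIGNATURE-----
(placeholder signature data)
-----END PGP SIGNATURE-----
"""
ARCHIVED = TEMPLATE.format(package="Package        : modutils")
MAILED = TEMPLATE.format(package="Package: modutils")

if __name__ == "__main__":
    for old, new in whitespace_only_changes(ARCHIVED, MAILED):
        print(f"archive: {old!r}\nmailed:  {new!r}")
```

A non-empty result means the signed text was re-spaced somewhere between signing and delivery, which is enough to make gpg report a bad signature even though the wording is unchanged.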


