Subject: Re: NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
To: Olaf Seibert <rhialto@polderland.nl>
From: David Maxwell <david@vex.net>
List: current-users
Date: 08/02/2002 15:08:16
On Fri, Aug 02, 2002 at 05:07:53PM +0200, Olaf Seibert wrote:
> On Fri 02 Aug 2002 at 09:57:28 -0400, NetBSD Security Officer wrote:
> | [-- PGP output follows (current time: Fri Aug  2 17:04:41 2002) --]
> | gpg: Warning: using insecure memory!
> | gpg: Signature made Thu Aug  1 15:37:30 2002 CEST using RSA key ID F8376205
> | gpg: BAD signature from "security-officer@netbsd.org"
> 
>        ^^^
> | 
> | [-- End of PGP output --]
> | 
> | [-- BEGIN PGP SIGNED MESSAGE --]
> > 
> > 		 NetBSD Security Advisory 2002-009
> > 		 =================================
> > 
> > Topic:		Multiple vulnerabilities in OpenSSL code
> 
> This happens with gpg and pgp5 (both far from the latest version no
> doubt). The other advisories sent out today also had bad signatures.
> 
> Earlier signed messages from security-officer@netbsd.org (with the same
> key), such as "NetBSD Security Advisory 2002-006" were ok.

My goof. I didn't mark them -kb in cvs.

The copies on the ftp site and the ones that went to bugtraq are
correct.

We'll use this to see how many people check sigs ;-)

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
All this stuff in twice the space would only look half as bad!
					      - me