Subject: Re: NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
To: David Maxwell, Olaf Seibert <rhialto@polderland.nl>
From: Ignatios Souvatzis <is@netbsd.org>
List: tech-security
Date: 08/02/2002 22:11:12

On Fri, Aug 02, 2002 at 03:08:16PM -0400, David Maxwell wrote:
> On Fri, Aug 02, 2002 at 05:07:53PM +0200, Olaf Seibert wrote:
> > On Fri 02 Aug 2002 at 09:57:28 -0400, NetBSD Security Officer wrote:
> > | [-- PGP output follows (current time: Fri Aug  2 17:04:41 2002) --]
> > | gpg: Warning: using insecure memory!
> > | gpg: Signature made Thu Aug  1 15:37:30 2002 CEST using RSA key ID F8376205
> > | gpg: BAD signature from "security-officer@netbsd.org"
> > 
> >        ^^^
> > | 
> > | [-- End of PGP output --]
> > | 
> > | [-- BEGIN PGP SIGNED MESSAGE --]
> > > 
> > > 		 NetBSD Security Advisory 2002-009
> > > 		 =================================
> > > 
> > > Topic:		Multiple vulnerabilities in OpenSSL code
> > 
> > This happens with gpg and pgp5 (both far from the latest version no
> > doubt). The other advisories sent out today also had bad signatures.
> > 
> > Earlier signed messages from security-officer@netbsd.org (with the same
> > key), such as "NetBSD Security Advisory 2002-006" were ok.
> 
> My goof. I didn't mark them -kb in cvs.
> 
> The copies on the ftp site and the ones that went to bugtraq are
> correct.
> 
> We'll use this to see how many people check sigs ;-)

I'd auto-check them if they had proper PGP/MIME headers...
	
	-is

-- 
seal your e-mail: http://www.gnupg.org/