Bram_Gro wrote: > It will be appreciated if all the checksums of future releases are > signed with a up-to-date version of GPG. There are currently some > files, including all of the Fedora 11 releases that are signed with > a out-of-date version of Gnupg 1.4.5 from 2006, instead of the > latest 1.4.9. I don't know if any potential security issue is > related to this practice, but there is quite a large list of > security problems between 1.4.5 and 1.4.9. You're presuming that the gnupg used is an unpatched version. More likely, it's the version shipped by RHEL, which has any known security fixes backported. I don't think there's anything to worry about here. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cover a war in a place where you can't drink beer or talk to a woman? Hell no!" -- Hunter S. Thompson
Attachment:
pgpDL5LVslkQS.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines