NetBSD Problem Report #51115
From dholland@macaran.eecs.harvard.edu Thu May 5 00:54:22 2016
Return-Path: <dholland@macaran.eecs.harvard.edu>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 567027A470
for <gnats-bugs@gnats.NetBSD.org>; Thu, 5 May 2016 00:54:22 +0000 (UTC)
Message-Id: <20160505005227.F09496E264@macaran.eecs.harvard.edu>
Date: Wed, 4 May 2016 20:52:27 -0400 (EDT)
From: dholland@eecs.harvard.edu
Reply-To: dholland@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: release sum file signatures should be in release dirs
X-Send-Pr-Version: 3.95
>Number: 51115
>Category: security
>Synopsis: release sum file signatures should be in release dirs
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: security-officer
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu May 05 00:55:00 +0000 2016
>Originator: David A. Holland
>Release: NetBSD 7.0
>Organization:
>Environment:
System: irrelevant
Architecture: x86_64
Machine: amd64
>Description:
It seems that while the sum files for releases are signed, the
signatures are squirrelled away in a different directory on the
website/ftp site so you have to (a) know they exist and then (b) go
hunting for them.
They should be copied into the directories holding the sum files. This
should also be made part of the release process so it doesn't get
forgotten next time.
>How-To-Repeat:
>Fix:
.
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.