NetBSD Problem Report #51115

From  Thu May  5 00:54:22 2016
Return-Path: <>
Received: from ( [])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "", Issuer "Postmaster" (verified OK))
	by (Postfix) with ESMTPS id 567027A470
	for <>; Thu,  5 May 2016 00:54:22 +0000 (UTC)
Message-Id: <>
Date: Wed,  4 May 2016 20:52:27 -0400 (EDT)
Subject: release sum file signatures should be in release dirs
X-Send-Pr-Version: 3.95

>Number:         51115
>Category:       security
>Synopsis:       release sum file signatures should be in release dirs
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    security-officer
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu May 05 00:55:00 +0000 2016
>Originator:     David A. Holland
>Release:        NetBSD 7.0
System: irrelevant
Architecture: x86_64
Machine: amd64

It seems that while the sum files for releases are signed, the
signatures are squirrelled away in a different directory on the
website/ftp site so you have to (a) know they exist and then (b) go
hunting for them.

They should be copied into the directories holding the sum files. This
should also be made part of the release process so it doesn't get
forgotten next time.



NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD:,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.