[opensuse-factory] security-announce no longer PGP signed?
Just noticed, security announce mailing list messages are no longer PGP signed? Whats up? -johnm -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Feb 12, 2013 at 12:07:12PM -0900, johnm wrote:
Just noticed, security announce mailing list messages are no longer PGP signed? Whats up?
The security update notices we push have never been signed since we started them. This is fine. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-ID:
On Tue, Feb 12, 2013 at 12:07:12PM -0900, johnm wrote:
Just noticed, security announce mailing list messages are no longer PGP signed? Whats up?
The security update notices we push have never been signed since we started them.
Not true. Look at this one: +++······························· Date: Thu, 6 Jun 2002 04:46:55 +0200 (MEST) From: Roman Drahtmueller <....@suse.de> To: suse-security-announce@suse.com Subject: [suse-security-announce] SuSE Security Announcement: bind9/bind9-beta (SuSE-SA:2002:021) - ----------- GPG signed message, verified on 2013-02-12 22:34:15 ------------ ·······························++- I just looked at the first update email I found in my archive, I can find out when they stopped using GPG. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlEau+gACgkQtTMYHG2NR9U1mwCgmMOePbLWegbCO650kecDyBfC EbAAn0rXK5pkBIKRXIS8CrazietSLti/ =s+64 -----END PGP SIGNATURE-----
On Tue, Feb 12, 2013 at 11:02:16PM +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Content-ID:
On Tuesday, 2013-02-12 at 22:22 +0100, Marcus Meissner wrote:
On Tue, Feb 12, 2013 at 12:07:12PM -0900, johnm wrote:
Just noticed, security announce mailing list messages are no longer PGP signed? Whats up?
The security update notices we push have never been signed since we started them.
Not true. Look at this one:
+++······························· Date: Thu, 6 Jun 2002 04:46:55 +0200 (MEST) From: Roman Drahtmueller <....@suse.de> To: suse-security-announce@suse.com Subject: [suse-security-announce] SuSE Security Announcement: bind9/bind9-beta (SuSE-SA:2002:021)
- ----------- GPG signed message, verified on 2013-02-12 22:34:15 ------------ ·······························++-
I just looked at the first update email I found in my archive, I can find out when they stopped using GPG.
Begin of 2012 we started to publish fully automated advisories and stopped doing old style advisories. As they are automated it is hard to sign them. We can add it, but I think no one ever checked their signatures anyway. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2013-02-12 at 23:10 +0100, Marcus Meissner wrote:
Begin of 2012 we started to publish fully automated advisories and stopped doing old style advisories.
As they are automated it is hard to sign them. We can add it, but I think no one ever checked their signatures anyway.
That makes sense and is acceptable. But then it is true what the OP posted, that they are no longer PGP signed, and they were before. (I did check those signatures, by the way) - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlEhgS0ACgkQtTMYHG2NR9WN2gCfa1hTp1BbKq1aTsKA6Bkywm0+ yuQAoI34BysY64mOKF/IIKcNrcBN54IF =0Fpv -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Carlos E. R. -
johnm -
Marcus Meissner