-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2008-06-14 at 09:22 +0100, Benji Weber wrote:
Greetings,
Could you please publish signatures for the 11.0 ISOs at release? I believe they were never published for 10.3, I never got a reply to my question on the subject[0].
I hope it does not take someone distributing a CD image with a goatse bootloader and the same md5sum for this to be done.
__ [0] http://lists.opensuse.org/opensuse-security/2007-10/msg00001.html
I'm sorry, I don't quite understand. The checksum for the ISO file checks the entire ISO file including the bootloader, so I don't see how the bootloader can be altered and the iso still pass the test. Perhaps you mean altering the internal check process of the install DVD? I suppose that would be possible, and would be possible even if pgp signatures were used. The only safe procedure is to test the iso file or dvd externally.. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIU59TtTMYHG2NR9URAt44AJ4vcV70pLaiwmbfa3hjw2PNrZCPxwCfcQfa xGPGte6k0qVjp8POXSNoPQQ= =2kol -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org