On Mon, Feb 27, 2006 at 11:30:38PM +0100, Malte Gell wrote:
http://www.novell.com/linux/security/advisories/2006_09_gpg.html
The given MD5 5098f06cba2e38aa0b5181fb3f9cd7f3 for the SUSE 10.0 GnuPG 1.4.2-5.2 source RPM
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.2.src.rpm
is wrong, on my machine I get
fe3233bc0b60f6fa67ac6f062af2c793.
But the rpm seems to be signed correctly with the package key 0x9c800aca
This is a problem of the MD5 generation in the advisory tool, not a problem. The cause is that we have multiple SRPMs for the 10.0 distribution, but only one gets copied to the ftp tree (because it is shared for i386,x86_64,ppc and ppc64). So our advisory tool added the wrong one in this case. We will try to avoid this in the future. Ciao, Marcus