-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi XFSers,
I'm Security Team Leader at sourcemage.org, a source-based GNU/Linux
distribution, and we have something similar to a ports system that
downloads sources from author's websites and compiles them.
We use MD5s to verify the downloaded sources.
dmapi-2.0.5 source changed twice on your server. Once to autoconf
2.53 (on 2002-11-08). Second back to 2.13 (on 2003-02-10). When it
happened the first time, I just checked the diff looking for trojans and
noticed it was just an autoconf change for the most part and updated our
MD5. Now it switched back to 2.13, and the MD5 has to be moved back.
If this happens too many times, I start to lobby the authors to have a
policy of changing the version number (say 2.0.5-2) on the file if they
change a released source file.
I was just wondering if anybody else noticed this and what the problem was
with the newer autoconf.
Seth
- --
Seth Alan Woolley <seth at tautology.org>, SPAM/UCE is unauthorized
Key id 7BEACC7D = 2978 0BD1 BA48 B671 C1EB 93F7 EDF4 3CDF 7BEA CC7D
Full Key at seth.tautology.org, see www.gnupg.org www.keyserver.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)
iD8DBQE+SYeO7fQ833vqzH0RAhYHAKDC1uPeK96+jJJJEXXfWWbl8mQjCwCgvnOp
v4AFc5MbZ25WgAGjLYNn6dE=
=UsWV
-----END PGP SIGNATURE-----
|