X2Go Bug report logs - #897
epel 5 repos have signature errors

version graph

Package: buildscripts; Maintainer for buildscripts is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Christian Trenkwalder <christian.trenkwalder@nxp.com>

Date: Tue, 30 Jun 2015 09:40:02 UTC

Severity: normal

Found in version 0

Done: Mihai Moldovan <ionic@ionic.de>

Bug is archived. No further changes may be made.

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#897: [X2Go-Dev] Bug#897: epel 5 repos have signature errors
Reply-To: Mihai Moldovan <ionic@ionic.de>, 897@bugs.x2go.org, 897@bugs.x2go.org
Resent-From: Mihai Moldovan <ionic@ionic.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 01 Jul 2015 23:50:01 +0000
Resent-Message-ID: <handler.897.B897.14357946008963@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 897
X-X2Go-PR-Package: <buildscripts>
X-X2Go-PR-Keywords: 
Received: via spool by 897-submit@bugs.x2go.org id=B897.14357946008963
          (code B ref 897); Wed, 01 Jul 2015 23:50:01 +0000
Received: (at 897) by bugs.x2go.org; 1 Jul 2015 23:50:00 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID,
	URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from Root24.de (powered.by.root24.eu [5.135.3.88])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 576595DA85
	for <897@bugs.x2go.org>; Thu,  2 Jul 2015 01:49:58 +0200 (CEST)
Received: from nopileos.local (home.ionic.de [217.92.117.31])
	by mail.ionic.de (Postfix) with ESMTPSA id 1B2B64F04FFC
	for <897@bugs.x2go.org>; Thu,  2 Jul 2015 01:49:58 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default;
	t=1435794598; bh=NEYb7eZCHWhVO6w1DtLTFLLeUL1Bd5fxQs4xyunZS2I=;
	h=Subject:Reply-To:References:To:From:Date:In-Reply-To:From;
	b=eD6X8JiOg/KLbx26WrHmea6KNa8A5tXeE5FfOFWlMjmONYjIvsTi4inWSMjH+8i4x
	 2uYYLEjWvReka0md0/Q+CyKMzYiZZqK5BF3qOC7EPGOlzKLnhC2izrzHG4bjO870LU
	 0E9mej4GDJdrkjl+BJ2+pSCdoA8NLget4bSpsJs8=
References: <55925FB9.4070405@nxp.com> <5592E97E.4020704@ionic.de>
 <5593B2FE.405@nxp.com> <5593C4D1.5070609@gmx.de> <559411C6.2060808@ionic.de>
To: 897@bugs.x2go.org
From: Mihai Moldovan <ionic@ionic.de>
X-Enigmail-Draft-Status: N1110
Message-ID: <55947CA0.4030209@ionic.de>
Date: Thu, 2 Jul 2015 01:49:52 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0)
 Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <559411C6.2060808@ionic.de>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="UKvo2xIPq998nB3JxbjiS435kwBHhwdFO"

[Message part 1 (text/plain, inline)]
On 01.07.2015 06:13 PM, Mihai Moldovan wrote:
> BUT we do sign the packages with an 2048 bit RSA key. While this is 
> not a bad idea per se, I've read that RHEL5's rpm only supports 1024 
> bit RSA or DSA keys...
> 
> 
> Looks like I have to create an 1024 bit subkey, upload that to the 
> keyservers, put it into the Debian keyring, add it to 
> http://packages.x2go.org/pub.key and sign all RHEL 5 packages with 
> that weak one?

Created a VM and tested this hunch with one package. Looks like I was right. Will update the buildscript now and re-sign manually for now...


Mihai


[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 20:21:56 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.