On 05/13/2013 08:58 AM, Manuel Wolfshant wrote:
On 05/13/2013 04:47 PM, Manuel Wolfshant wrote:
Hello
We just found out via #centos that the fileftp://ftp.availo.se/centos/6.4/updates/x86_64/Packages/selinux-policy-3.7.19-195.el6_4.3.noarch.rpm is not signed and has incorrect dates and md5sum compared to the "known good" package. I suggest to remove( disable ) the mirror from the list of mirrors and if someone has more specific contact info for the admins ( only addresses I found were those existing at http://www.availo.se ) to let them know that there is an issue.
Regards manuelHello
Apparently more mirrors have the incorrect ( unsigned ) selinuxpackages. So far within 5' we found at least 3 different mirrors from Europe and USA which carry them. All of the unsigned packages seem to have been built on 03/10/2013 but released on 05/10/2013 and contain the same files as the signed packages so..could it be that unsigned packages leaked from the build host and where inadvertently pushed to the mirrors ?
manuel
I found the mistake, it is an error on the master mirror ... I'll post when it is fixed, which should be in about an hour.
-
Johnny Hughes