On 05/13/2013 08:58 AM, Manuel Wolfshant wrote: > On 05/13/2013 04:47 PM, Manuel Wolfshant wrote: >> Hello >> >> We just found out via #centos that the file >> ftp://ftp.availo.se/centos/6.4/updates/x86_64/Packages/selinux-policy-3.7.19-195.el6_4.3.noarch.rpm >> is not signed and has incorrect dates and md5sum compared to the >> "known good" package. >> I suggest to remove( disable ) the mirror from the list of >> mirrors and if someone has more specific contact info for the admins >> ( only addresses I found were those existing at http://www.availo.se >> ) to let them know that there is an issue. >> >> >> Regards >> >> manuel > Hello > > Apparently more mirrors have the incorrect ( unsigned ) selinux > packages. So far within 5' we found at least 3 different mirrors from > Europe and USA which carry them. All of the unsigned packages seem to > have been built on 03/10/2013 but released on 05/10/2013 and contain > the same files as the signed packages so..could it be that unsigned > packages leaked from the build host and where inadvertently pushed to > the mirrors ? > > manuel > I found the mistake, it is an error on the master mirror ... I'll post when it is fixed, which should be in about an hour. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20130513/0e9fda8b/attachment-0003.sig>