[CentOS] [CentOS-announce] CEBA-2015:0048 CentOS 6 nss-softokn BugFix Update

Thu Jan 15 14:27:41 UTC 2015
Johnny Hughes <johnny at centos.org>

On 01/15/2015 07:15 AM, centoslistmail at gmail.com wrote:
> On Jan 14 10:37pm, Johnny Hughes wrote:
>> CentOS Errata and Bugfix Advisory 2015:0048
>> Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0048.html
>> The following updated files have been uploaded and are currently
>> syncing to the mirrors: ( sha256sum Filename )
> I was surprised to find that these RPMs were modified and re-released
> with different sums yet identical version strings. Is this common practice?

No, not at all

There was what we thought was a huge problem with the packages, that
ended up being this bug:



The reason they are different was that we rebuilt and resigned the
packages in our troubleshooting of how it completely rendered yum and
rpm unusable .. then we found the cause.

But, since we found that the issue was an upstream bug (ie, centos
matches rhel and they have to fox the issue, or not fix it), we decided
to re-release.  However, I did not save the original signed packages, so
I had to resign the first ones and release them.  The only differences
between the two package sets, if you were to compare them would be the
signing data/time.

Sorry for the inconvenience.

Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150115/cea16d02/attachment-0003.sig>