Subject: PGP signatures on recent NetBSD Security Advisories
To: None <tech-security@NetBSD.org, current-users@NetBSD.org>
From: NetBSD Security-Officer <security-officer@netbsd.org>
List: current-users
Date: 02/20/2004 09:54:47
-----BEGIN PGP SIGNED MESSAGE-----


NetBSD Security-Officer recently published 4 Security Advisories.

We have received a number of notes from people that the PGP signatures
on these were bad. This has been corrected, and re-signed copies
published at:

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc

As always, these locations will contain the most up-to-date versions
of the Advisories, if any other changes are required as new
information comes to hand.

The problem has been traced to an error in committing the signed text
into CVS. Normally, this is done so that the original CVS revision
tags are retained after signing, but on this occasion that step was
unfortunately omitted. The Security Advisories recently mailed out had
CVS revisions updated for the commit of the signed content, breaking
the signature.

We apologise for this error, and thank all those who pointed out the
problem.

- --
NetBSD Security-Officer



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iQCVAwUBQDU+Hj5Ru2/4N2IFAQEKZwQAho4sv1ErIbnZTNBo0aPOcAonvH0DY+ec
euP9ptQtdkyoA3pOc+LLfF6QEtLZ4Im+0mp/Q1Ew4mbBa49frRSHHOCDnshw1Has
PkY4f3/LzjVWjB2nFv4njDwbgCbfvrF7IeD+lzFUrnqAzHAu5uw4hpRd9P4KmQdH
ceapPKFYARg=
=Uivf
-----END PGP SIGNATURE-----