pkg/40510: download-vulnerabilitiy-list fails to verify the list.

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/40510: download-vulnerabilitiy-list fails to verify the list.
From: "Robert W." <slrn_robert%yahoo.de@localhost>
Date: Thu, 29 Jan 2009 10:35:00 +0000 (UTC)

>Number:         40510
>Category:       pkg
>Synopsis:       download-vulnerability-list cannot verify the list
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 29 10:35:00 +0000 2009
>Originator:     Robert W.
>Release:        NetBSD 4.0.1
>Organization:
>Environment:
        
        
System: NetBSD robert-pickton 4.0.1 NetBSD 4.0.1 (ROBERT_PICKTON_4-1) #1: Wed 
Oct 15 12:07:45 CEST 2008 
mary@waltraud:/home/mary/doc/netbsd/nbsd-4.0.1/usr/src/sys/arch/i386/compile/ROBERT_PICKTON_4-1
 i386
Architecture: i386
Machine: i386
>Description:
        At least since 2009/01/28, download-vulnerabilities-list fails to verify
        the list after down load
        ------ Output from /usr/pkg/sbin/download-vulnerability-list ---------
        local: pkg-vulnerabilities.3889.gz remote: pkg-vulnerabilities.gz
        229 Entering Extended Passive Mode (|||51421|)
        150 Opening BINARY mode data connection for 'pkg-vulnerabilities.gz' 
(51725 bytes).
        100% 
|****************************************************************************************************************|
 51725      50.19 KB/s    00:00 ETA
        226 Transfer complete.
        51725 bytes received in 00:01 (49.69 KB/s)
        221-
                Data traffic for this session was 51725 bytes in 1 file.
                Total traffic for this session was 56075 bytes in 1 transfer.
        221 Thank you for using the FTP service on ftp.NetBSD.org.
        ***ERROR*** Failed to verify the newly downloaded vulnerabilities file
    ----- End Output -------------

        Downloading the file manually and verifying it using gpg yields to the
        following:
        ----- Output from gpg ---------------
        bash-3.2# gpg --verify pkg-vulnerabilities.gz
        gpg: no valid OpenPGP data found.
        gpg: the signature could not be verified.
        Please remember that the signature file (.sig or .asc)
        should be the first file given on the command line.
        ----- End Output

>How-To-Repeat:
        1) open a shell
        2) execute as root /usr/pkg/sbin/download-vulnerability-list
>Fix:
none known

>Unformatted:

Prev by Date: Re: pkg/40457 (Diffs for various minor pkgsrc-2008Q4 fixes)
Next by Date: Re: pkg/40498 (Update xf86-video-ati to 6.10)
Previous by Thread: PR/40457 CVS commit: [pkgsrc-2008Q4] pkgsrc/x11/vte
Next by Thread: Re: pkg/40498 (Update xf86-video-ati to 6.10)
Indexes:

Home | Main Index | Thread Index | Old Index