-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: vmm Severity: normal Tags: security Version: 0.6.2-1
Documentation in vmm is using gpg --recv-keys with short key id, which is unsecure: http://sources.debian.net/src/vmm/0.6.2-1/doc/web/source/download.rst/?hl=29#L29 Please use the full fingerprint in the examples, thank you. Could you also notify upstream if they are using the same example or alternatively ask me to do it. Additional details about the issue can be found from here: http://security.stackexchange.com/questions/74009/what-is-an-openpgp-key-id-collision - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXyB4bAAoJECet96ROqnV0gDQP/3WMawyON4yTFvnQxt3hXU1r CZetUn+ODzFNb2etEt2n/akGswKNTBhnA+tilYb5hpnnAHZPlJSA1v1WdYmREoix hP+rIst8Jcg701iQVnOhL4fBIcu+BMFkURk1TrGZupPZw9qmyXDmH7E8hFxN/JCz sxknIaFUwznDM0IM/1YU7cuCjpWfUXsyYEk+FGuu75D8oFEYjg2MHWB+oLihUYLt c2/MZaiVlGD3gvvyEI+fO/wTofdfi3y9JSFCpGosEOblpFvB7CArFxniAcnH1u3z GYp1kYryrvTzn+OO9O65wKmKzSZrk0SOUOm1yrcWsg0kfQFyKHw0xEogxPve73Iz 6sFZ03SYm3aiOUvX5olJsjwYfW5MnWcqso4xd04+nSz4SWCFegOfCSXuXb72F7gB 87doUnNrWDN+mpQEomDYKDE8/wIQcfN2VtETiDNNNseDgvdCp9sR0ueHE20u9y38 z6zYkgU7RAUYSnAwxCQ6uY0uexuuxmExl+X+QlvMTH4ggCi3ij9pHn5urXcjA6ZS sr/X09IlM/WLALWYiglipniwO04x1b4sqNxhdLOOD61fH6bpzTbj3Aqlop1wyZW/ vQjDMYNu45FOl0Uanw6RXAkfP78PdeOiEEtujgdlOB0rx+GwLyTbxs91hNFW/lyR gge66S3nftSpaLTr7wM8 =ldg8 -----END PGP SIGNATURE-----