Any idea of when this package is going to be updated?
Whoever updates it: Please make sure that when you update it, you can trace
the updates (i.e. full fingerprints, not just 32-bit key IDs) to a trusted
source (i.e. not some website accessed over plain HTTP). The only thing
worse than an
FWIW, see http://lists.debian.org/debian-devel/2007/03/msg00470.html
James never replied to this message, or to any other message about
jetring, even though he'd said several times before that a tool like
this was needed to maintain the keyring.
If it would be useful, I should still have a copy
severity 295527 serious
thanks
See bug#438679. As Neil points out there, the debian-keyring package
is horribly outdated and this can lead to security concerns (people
being misled into believing that a signature is valid when it is not).
So it should either be removed or an updated version
3 matches
Mail list logo
