The SHA1 was recreated and the tarball was resigned by myself.
Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List
At both ftp://ftp.openssl.org/source/ and
http://openssl.org/source, the openssl-0.9.8f.tar.gz.sha1
file does not match the actual SHA1 checksum of
openssl-0.9.8f.tar.gz. (The MD5 sum is ok.)
Also, the openssl-0.9.8f.tar.gz.asc file is a binary PGP
signature and not, as the name implies, an
I have made the following modifications to the download area (not
tracked by CVS, so the
action is not logged via openssl-cvs) at Wed Oct 17, 2007, 09:30 CEST
(07:30GMT):
* updated openssl-0.9.8f.tar.gz.sha1
* created new openssl-0.9.8f.tar.gz.asc with my (Lutz Jaenicke) personal
key matching
Grr. The OpenSSL web site is some (semi-)automatic thing that is updated
in a magic way. Probably only Ralf Engelschall fully understands how
this works :-)
I have made sure the correct files are linked now.
Best regards,
Lutz
I would hope the web site is some semi-automatic thing.
I should also note that since MD5 has an easy
hash-collision-generation function against it, the contents of the
openssl-0.9.8f file that was available there that didn't match the
sha1 should be evaluated and diffed.
I think this should be
I would hope the web site is some semi-automatic thing.
I should also note that since MD5 has an easy
hash-collision-generation function against it, the contents of the
openssl-0.9.8f file that was available there that didn't match the
sha1 should be evaluated and diffed.
I think this should be