17 May
2019
17 May
'19
1:03 p.m.
On Fri, 3 May 2019 10:02:22 +0300 Otto Kekäläinen <otto@debian.org> wrote:
I did a new download from ftp.osuosl.org and now the checksums match. Maybe there was just a temporary error and not a targeted distribution chain attack..
Yes, it could be that things were just not fully synced yet.
By the way, the current package signing key is a bit weak (1K DSA). I recommed creating a new 4K RSA key some time later this year at a suitable point in time..
Yes, this needs to be done. Thanks. -- Daniel Bartholomew, MariaDB Release Manager MariaDB | https://mariadb.com