Full Disclosure mailing list archives
Re: Different signatures on mirror sites for ethereal 0.10.13
From: <prozente () gmail com>
Date: Sat, 22 Oct 2005 17:51:23 -0500
\/ see below - the mirrors must still be updating... ---------- Forwarded message ---------- From: Gerald Combs <gerald () ethereal com> Date: Oct 20, 2005 5:31 PM Subject: [Ethereal-announce] Updated Ethereal 0.10.13 source distribution available To: ethereal-announce () ethereal com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The ethereal-0.10.13.tar.bz2 source distribution released yesterday was inadvertently compressed using gzip instead of bzip2. A correct distribution has been placed on the web site with the following hashes: MD5(ethereal-0.10.13.tar.bz2)=9998cb4907a70925d33292bae89530d4 SHA1(ethereal-0.10.13.tar.bz2)=d83a326bb3b274c63e96c783c8b65a0ca848d721 RIPEMD160(ethereal-0.10.13.tar.bz2)=7d209f6c0a932f844ac1ab5fe9cfdef4145ee423 None of the other files released yesterday have changed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWBq6kXaEuZt2wEERAj9SAKCU+v3uGpDlpVQuQ2E1z32Swkst9QCg9FJG bn18+2YzyTeRMcOE0j5dTNw= =DWtO -----END PGP SIGNATURE----- _______________________________________________ Ethereal-announce mailing list Ethereal-announce () ethereal com http://www.ethereal.com/mailman/listinfo/ethereal-announce On 10/21/05, Rein van Koten <vankoten () xs4all nl> wrote:
Interesting? While updating systems with ethereal 0.10.13 I downloaded from different sites... While checking MD5sums discovered that at least there is a difference between the SIGNATURES-0.10.13.txt files on the main ethereal site and tuwien. Difference is only for the tar.bz2 source file... Main site: MD5(ethereal-0.10.13.tar.bz2)=08d277951ff6f6a93c752abebd85d5bc SHA1(ethereal-0.10.13.tar.bz2)=4ed2014a1ede6bdb05fbe99b0469a030c7794a13 RIPEMD160(ethereal-0.10.13.tar.bz2)=54f6431ac2d807e0d7dd896af71463d340c66107 TUWIEN: MD5(ethereal-0.10.13.tar.bz2)=9998cb4907a70925d33292bae89530d4 SHA1(ethereal-0.10.13.tar.bz2)=d83a326bb3b274c63e96c783c8b65a0ca848d721 RIPEMD160(ethereal-0.10.13.tar.bz2)=7d209f6c0a932f844ac1ab5fe9cfdef4145ee423 All other filesums match. Now downloading all files and looking at the sources. Maybe it is my mistake, maybe something weird is going on. In case of the latter decided to bare the blame if it is my mistake. Do not like the idea of tampered ethereal sources.... Regards, Rein _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Different signatures on mirror sites for ethereal 0.10.13 Rein van Koten (Oct 22)
- Re: Different signatures on mirror sites for ethereal 0.10.13 prozente (Oct 22)