Re: [cobalt-security] RaQ550 Valid updates?

[Bruce Timberlake <bruce@xxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > The PKG you listed will not install as updatestage.sfbay.sun.com
> > is not a valid public BlueLinQ server (thus the 'stage' in the
> > name...). The problem was acknowledged by a Sun engineer (perhaps
> > on cobalt-users or cobalt-developers) a day or two ago, and a
> > fixed PKG is in the works.
>
> 'fixed PKG'? are you implying there is something wrong with the
> fact that my BlueLinQ notified me of the updates, and installed the
> new packages when pointed to the correct server? what about the
> packages themselves is there that needs fixing?

The fixed version must be uploaded now, allowing you to install 
properly.  The original PKG had a bad URL in it that was transmitted 
in the PKG info section (which appears on your machine allowing you 
to decide if you wish to download it or not).  PKGs are staged on a 
testing server first, and an internal check is run against them to 
ensure they download correctly.  If everything is ok, they are moved 
to the "live" BlueLinQ server for the general public.

Somehow the original PKG which was posted to the public BlueLinQ 
server had the temporary staging BlueLinQ server URL left in the PKG 
description.  When users outside Sun's network attempted to download 
it, they couldn't.

The PKG itself (contents it's delivering) were and are ok.  Just the 
delivery mechanism was originally messed up.  It was caught fairly 
quickly and the correct version is now available for download.

- -- 
Bruce Timberlake

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+TWBvvLA2hUZ9kgwRAkLVAJ4pGX9qbts4maUNnL1rrYywqJHWFwCeJgcL
boenGfcyulPyljT2lqWuc/Q=
=Z5jb
-----END PGP SIGNATURE-----