Hello Andrew, you are using a 1024 bit key for signing GLPK distribution tar balls.
1024 bit is no longer considered safe. Cf. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf Furthermore you are using SHA-1 for signing. SHA1 is also regarded as unsafe. Please, create a signing key of at least and cross sign it with your old 1024 bit key. You might use SHA-256 for signing. Best regards Heinrich Schuchardt _______________________________________________ Help-glpk mailing list Help-glpk@gnu.org https://lists.gnu.org/mailman/listinfo/help-glpk