duplicity-talk

Re: [Duplicity-talk] recovering


From: Peter Schuller
Subject: Re: [Duplicity-talk] recovering
Date: Sat, 19 Jan 2008 15:34:31 +0100
User-agent: KMail/1.9.7

> However - why would one want to silently suppress this?

Ok, following up on myself, my interpretation is that the intent is to simply 
completely ignore anything that could not be successfully verified to be 
trusted, in the case of a signed manifest, and the "bug" is more of the 
nature of that particular action not being caught properly in the upper 
layers.

If this is the case:

* Is it not a false sense of security, since an attacker might as well replace 
the manifest with one that is not signed at all, thus bypassing the check 
anyway?

* Is the intent that duplicity restores should "just work" as long as the key 
in question is in the user's keyring? What is the intended passphrase 
handling in these cases - should the user be using an agent?

I'd like to submit a patch to clarify some things in the manpage, when I 
understand it myself to begin with. Anyone have input?

-- 
/ Peter Schuller

PGP userID: 0xE9758B7D or 'Peter Schuller <address@hidden>'
Key retrieval: Send an E-Mail to address@hidden
E-Mail: address@hidden Web: http://www.scode.org

Attachment: signature.asc
Description: This is a digitally signed message part.

