[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE
From: |
Miles Bader |
Subject: |
[Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE |
Date: |
21 Jan 2004 16:30:52 +0900 |
Tom Lord <address@hidden> writes:
> Currently, the signing mechanism in tla is signing-regimen-agnostic.
> You don't have to use gpg (or any other pgp work-similar). You could
> cons up something with any crypto tool you like.
How about adding, in addition to `=default.check' (or whatever),
`=default.contents' which should return the contents of the file that
tla should use. [could this serve in _place_ of =default.check?]
For gpg, I guess this would usually be `gpg --decrypt'.
For instance, on the following file:
HA HA HA, I'M A CRACKER!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Signature-for: address@hidden/cray--devo--0--patch-55
md5 log 1fa0a2ca4ea0dbdf0f4c009f5d8df9b2
md5 cray--devo--0--patch-55.patches.tar.gz 18802c6aaa64415d8c70d8f4112c5b90
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAA6t0JZUtNEYDMO4RAqBbAJ9JTl4yDtDPrGpVUNhwjPQ6UC+Y8QCfUuI8
izVgjQSvdB2mF8PoKoyQgA0=
=rLzP
-----END PGP SIGNATURE-----
gpg --decrypt emits:
Signature-for: address@hidden/cray--devo--0--patch-55
md5 log 1fa0a2ca4ea0dbdf0f4c009f5d8df9b2
md5 cray--devo--0--patch-55.patches.tar.gz 18802c6aaa64415d8c70d8f4112c5b90
[Plus the usual random verbosity to stderr]
-miles
--
Saa, shall we dance? (from a dance-class advertisement)
- Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, (continued)
[Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Samuel Tardieu, 2004/01/21
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Geert Stappers, 2004/01/20
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, James Blackwell, 2004/01/20
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, James Blackwell, 2004/01/20
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Andrew Suffield, 2004/01/21
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Johannes Berg, 2004/01/22