[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE

From: Robert Collins
Subject: Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE
Date: Sat, 24 Jan 2004 23:26:36 +1100

On Fri, 2004-01-23 at 05:55, Samuel Tardieu wrote:
> >>>>> "Rob" == Rob Kaper <address@hidden> writes:
> > GPG clearly labels what part of a file is signed. If you fetch the
> > md5sum summary from outside the boundaries GPG gives you, GPG can't
> > help you.
> Exactly.


As has been pointed out several times: getting the data -from- gpg is
the Right Way. So, whos up to make a patch? I don't have time now, and
won't for some time to do this, but we should have this in for 1.2, as
it will change the check scripts.

GPG key available at: <>.

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]