[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE
From: |
Robert Collins |
Subject: |
Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE |
Date: |
Sat, 24 Jan 2004 23:52:54 +1100 |
On Sat, 2004-01-24 at 23:22, Johannes Berg wrote:
> On Sat, 2004-01-24 at 13:26, Robert Collins wrote:
> > As has been pointed out several times: getting the data -from- gpg is
> > the Right Way. So, whos up to make a patch? I don't have time now, and
> > won't for some time to do this, but we should have this in for 1.2, as
> > it will change the check scripts.
>
> I'll have a stab at it, but if I don't report success today then
> consider the attempt failed, because I won't have time during the week.
Cool. A quick sketch of the approach...
1) alter your check script to output the content and fail if the
signature isn't valid.
2) alter arch to (for signed archives only) get the checksum file
content from the check script's stdout, instead of from the checksum
file itself.
That should be all you need to do.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, (continued)
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Tom Lord, 2004/01/20
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Colin Walters, 2004/01/21
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Brian May, 2004/01/21
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Tom Lord, 2004/01/21
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Rob Kaper, 2004/01/22
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Colin Walters, 2004/01/22
- Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Tom Lord, 2004/01/22
- [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Samuel Tardieu, 2004/01/22
- Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Robert Collins, 2004/01/24
- Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Johannes Berg, 2004/01/24
- Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE,
Robert Collins <=
- Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Johannes Berg, 2004/01/24
- Re: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Johannes Berg, 2004/01/24
[Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE, Samuel Tardieu, 2004/01/21
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, Geert Stappers, 2004/01/20
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE, James Blackwell, 2004/01/20