gnu-arch-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnu-arch-users] Re: signatures and checking


From: Tom Lord
Subject: [Gnu-arch-users] Re: signatures and checking
Date: Mon, 26 Jan 2004 17:50:42 -0800 (PST)

    > From: Miles Bader <address@hidden>

    > Surely you can just treat the two cases separately:

    > Ask gpg (or whatever) to deliver the contents in case (2), by having a
    > `.arch-params/signing/*.contents' script, and just parse them directly in
    > case (1) (which is when you _don't_ have the script).

    > This would do the right thing, be simple to implement, not require any
    > awk scripts, and not require any new options to gpg....


Interesting idea but no.

That would create a partial exploit in which non .check'ing clients
saw different checksum data from .check'ing clients.

I don't immediately see any obvious way to turn that partial exploit
into a complete one --- but it seems needlessly fragile, nevertheless.

-t





reply via email to

[Prev in Thread] Current Thread [Next in Thread]