[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD
From: |
Mark D. Baushke |
Subject: |
Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) |
Date: |
Mon, 08 May 2006 13:05:27 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Derek R. Price <address@hidden> writes:
> Okay. I've attached a new patch. I noticed while I was working on it
> that I neglected to document the `sign' and `verify' commands, but I
> will work on that with the sign/verify help patch you suggested.
Okay.
> At the moment, I'm inclined to only test GPG. Perhaps, if the
> executable does not appear to be GPG, then sanity.sh should just print
> a generic warning about the tests being intended for GPG and running
> anyhow and remember to keep your implementation up-to-date if you are
> relying on it for security.
Yes, this seems reasonable.
> > 2) Some vendors have been known to patch security concerns into
> > down-revision releases of software. There is no way to know if 'gpg
> > --version' which returns a '1.2.3' is or is not the latest version
> > of the tool for a particular host operating system or not.
>
> True, but since this is only a warning, it shouldn't hurt to ignore
> that and remind the user to check when the version doesn't look
> up-to-date as far as we knew as of the CVS release date.
Good point.
> It occurs to me that it isn't uncommon for a user to be running a 5
> year old version of CVS, which would only warn about versions of GPG
> also at least 5 years old, making this whole exercise seem a bit
> pointless anyhow. Then again, at least there would be potentially
> useful warnings for people who kept up with CVS.
Yup.
[...patch elided...]
The patch looks good to me.
Thanks,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)
iD8DBQFEX6SHCg7APGsDnFERAky9AKDkVUXF+7TuIsz9Z+4kdnHM2/qj1wCgkTiu
IvuHtD5dmAEM41LfSwYP8c4=
=P0eA
-----END PGP SIGNATURE-----
Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS), Mark D. Baushke, 2006/05/08