gnu-arch-users

[Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE


From: Samuel Tardieu
Subject: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE
Date: Thu, 22 Jan 2004 19:55:34 +0100
User-agent: T-gnus/6.16.2 (based on Gnus v5.10.2) (revision 02) SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (SAKAKI)

>>>>> "Rob" == Rob Kaper <address@hidden> writes:

> GPG clearly labels what part of a file is signed. If you fetch the
> md5sum summary from outside the boundaries GPG gives you, GPG can't
> help you.

Exactly.

"gpg" (alone) will take the standard input, check the signature, and
output the signed part on the standard output. Using this output to
get the checksums from seems to be the most correct solution.

If you do not wish to check signatures, you can use "cat" instead (or
do not use the .check file at all). If you wish to use X.509, use a
similar command with "openssl". As mentioned in this list already, it
will also demangle content that would have been encoded by GnuPG.

  Sam
-- 
Samuel Tardieu -- address@hidden -- http://www.rfc1149.net/sam
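
An added example, not part of the original message: it shows why checksums must be read only from the signed text, by comparing a whole-file parse of a cleartext-signed file with a parse restricted to the region between the OpenPGP cleartext boundaries. The md5sum-style line format, the file name and the sample (including its placeholder signature) are constructed assumptions. `signed_region` only locates the boundaries and undoes dash-escaping; it does not verify anything, so in practice the input to the checksum parser should be gpg's standard output, as the message describes.

```python
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"
MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")  # assumed md5sum-style line

# Constructed sample: one checksum inside the signed text, one appended after
# the signature block. The signature body is a placeholder, not a real one.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

900150983cd24fb0d6963f7d28e17f72  patch.tar.gz
- -- dash-escaped line inside the signed text
-----BEGIN PGP SIGNATURE-----

(constructed placeholder)
-----END PGP SIGNATURE-----
d41d8cd98f00b204e9800998ecf8427e  patch.tar.gz
"""

def signed_region(text):
    """Lines between the cleartext header and the signature armor, with
    dash-escaping undone. Locates boundaries only; it verifies nothing."""
    lines = text.splitlines()
    start = lines.index(BEGIN) + 1
    while lines[start].strip():          # skip armor headers such as "Hash:"
        start += 1
    end = lines.index(SIG, start)
    return [l[2:] if l.startswith("- ") else l for l in lines[start + 1:end]]

def checksums(lines):
    """Map file name -> md5; a later line for the same name wins."""
    return {m.group(2): m.group(1) for m in map(MD5_LINE.match, lines) if m}

def unsigned_entries(text):
    """Checksum lines present in the file but not covered by the signed text."""
    trusted = checksums(signed_region(text))
    found = [m for m in map(MD5_LINE.match, text.splitlines()) if m]
    return [(m.group(2), m.group(1)) for m in found
            if trusted.get(m.group(2)) != m.group(1)]

if __name__ == "__main__":
    print("whole file :", checksums(SAMPLE.splitlines()))
    print("signed part:", checksums(signed_region(SAMPLE)))
    print("unsigned   :", unsigned_entries(SAMPLE))
```
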




