Frontends for Windows

Loic Bernable leto@vilya.org
Mon Nov 19 17:23:01 2001


--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Selon Silviu Cojocaru :=20
> Same applies to Linux, get yourself rooted and see that it is
> not a big issue.

Except that I can access and audit Linux source. But this is not the
main topic.
=20
> > This sentence was not against you. But one should not lower
> > the safety level of such a program, especially in order to
> > improve friendship.
>=20
> How do you know that the security level of GPGShell is *low*,
> have you done any testing, have you tried catching the input or
> detecting the certain area of the memory where it keeps the
> password just before passing it to gpg ?

We don't know if it is *high*, and we don't have the ability to know as
we don't have access to the source code. We can not audit this code.

And one elementary rule of security is to mistrust what we can not fully
trust. Therefore, I don't trust GPGshell as I can not make myself sure
that it is secure. Period.
=20
> Watching BUGTRAQ for quite a while now, and I did not see
> GPGShell announced as having problems... this should mean
> something yes?

No.


This discussion is over.

--=20
### Lo=EFc Bernable aka Leto -- leto@vilya.org -- Parinux, April, LinuxFR #=
##
A)bort, R)etry, I)gnore, V)alium?

--r5Pyd7+fXNt84Ff3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7+TGBX1807qC7PesRAoI0AKCAb5/xQLA5eQt5uu0uX9ghfIBwvgCeKTRd
q7sU73kE5l7WfYtZmwbVQoc=
=r38u
-----END PGP SIGNATURE-----

--r5Pyd7+fXNt84Ff3--