security issue with signing files

[Florian Weimer]

"Anthony E. Greene" <agreene@pobox.com> writes:

> We're not talking about a deliberate attack here.

Are we?

> This is about inadvertantly signing a document that has changed
> without your knowledge.  The change was made by an authorized user;
> you just hadn't see the change when you signed the document.

Any configuration management/version control system will prevent this.
You probably want to use such tools anway, since this problem
generally exists in shared environments, and not only happens with
document signing. ;-)