Mutt/GnuPG doc initial release
Johan Wevers
johanw@vulcan.xs4all.nl
Thu Sep 27 07:01:02 2001
David Shaw wrote:
> While it is true that virii often try to masquerade as harmless
> attachments, nevertheless a signature is not a binary or executable
> code of any sort.
Neither is a patch on source code, but a malacious patch can intruduce
a security weakness in a program, even when it's not obvioud to the
casual observer (I don't expect anyone to send out source patches with
code that explicitly mails a secret key to the attacker, but subtle
flaws might be introduced unnoticed).
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html