Mutt/GnuPG doc initial release
David Shaw
dshaw@jabberwocky.com
Fri Sep 28 01:07:02 2001
On Wed, Sep 26, 2001 at 09:38:40PM +0200, Johan Wevers wrote:
> David Shaw wrote:
>
> > While it is true that virii often try to masquerade as harmless
> > attachments, nevertheless a signature is not a binary or executable
> > code of any sort.
>
> Neither is a patch on source code, but a malicious patch can introduce
> a security weakness in a program, even when it's not obvious to the
> casual observer (I don't expect anyone to send out source patches with
> code that explicitly mails a secret key to the attacker, but subtle
> flaws might be introduced unnoticed).
Yes, which is why such things should be signed by the developer.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson