Mutt/GnuPG doc initial release

David Shaw dshaw@jabberwocky.com
Fri Sep 28 01:07:02 2001


--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 26, 2001 at 09:38:40PM +0200, Johan Wevers wrote:

> David Shaw wrote:
>=20
> > While it is true that virii often try to masquerade as harmless
> > attachments, nevertheless a signature is not a binary or executable
> > code of any sort.
>=20
> Neither is a patch on source code, but a malacious patch can intruduce
> a security weakness in a program, even when it's not obvioud to the
> casual observer (I don't expect anyone to send out source patches with
> code that explicitly mails a secret key to the attacker, but subtle
> flaws might be introduced unnoticed).
Yes, which is why such things should be signed by the developer. David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +--------------------------------------------------------------------------= -+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson --Qxx1br4bt0+wmkIi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iQEVAwUBO7OwcYccwqs8s7QVAQEsCgf/c0KqaGaxBWZOW43fZNENcArHxOXRdjP8 XXe9ba8FonN1V4ElG4Ht65eR4kJtKeTF5w0G/x3KqhDIuRGWRUlYczkREuLbRgQ7 JdhXXgLd112+kBC5jJl+KvqEH7sGF8IUeJhXBQimc1YPQ7bzQ9Fjt5TfujlpsuME /9LUjjZVsJnXHijBMQoSpyASE/l1kMhKYt2pRa7ji+QWrenINQ/fOZb7IYs6VudU SCnIrEDIgKKCIdlrO+txa65v7c1vF5vgO5rZd5Om2A+2f6mDEAQDOSxVmbJh507/ J+BDNi/+WlBmzM/AsZghGVw6JWaZxaSWUNE/niK9MflfxkhQkXEN1Q== =EjHc -----END PGP SIGNATURE----- --Qxx1br4bt0+wmkIi--