Control: clone -1 -2
Control: reassign -2 gnupg
On Wed, Apr 03, 2013 at 04:58:05PM +0200, Ansgar Burchardt wrote:
> So one can prepend a InRelease file looking like
> ----
> -----BEGIN PGP SIGNED MESSAGE----- NOT
> Hash: SHA1
>
> <insert malicious Release file contents here>
>
> -----BEGIN PGP SIGNATURE----- NOT
> ----
This is a bug in gnupg, this is clearly no valid file clearsign message
anymore, see RFC 4880, section 7.
Bastian
--
Death, when unnecessary, is a tragic thing.
-- Flint, "Requiem for Methuselah", stardate 5843.7
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
