Re: unsafe use of gpg

2012-12-14 Thread Timo Juhani Lindfors
Peter Samuelson writes:
> Note that this adds a keyring to the current list. If the intent
> is to use the specified keyring alone, use --keyring along with
> --no-default-keyring.

You probably read "man gpg" but gpgv is simpler:

gpgv: Invalid option "--no-default-keyring"

Re: unsafe use of gpg

2012-12-14 Thread Peter Samuelson
[Timo Juhani Lindfors]
> Is
>
> /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
> chmod a+x file
> ./file
>
> still a safe way to ensure that only code signed by a key in trusted.gpg
> gets executed?

From the manpage: Note that this adds a keyring to the current l

Re: unsafe use of gpg

2012-12-14 Thread Bernhard R. Link
* Ansgar Burchardt [121214 16:18]:
> 2, Not asking gpg to verify signatures:
>
> I also found packages that call gpg in the form "gpg $file" and expect
> gpg to verify the signature on $file and output the signed data. Indeed
> it does so for *signed* files, but if you just give it unsigned data

Bug#695953: ITP: liburi-find-simple-perl -- simple interface to URI::Find

2012-12-14 Thread Jotam Jr. Trejo
Package: wnpp
Severity: wishlist
Owner: "Jotam Jr. Trejo"

* Package name    : liburi-find-simple-perl
  Version         : 1.03
  Upstream Author : Tom Insam
* URL             : http://search.cpan.org/dist/URI-Find-Simple/
* License         : Artistic, GPL-1+
  Programming Lang: Perl
  Descriptio

Bug#695951: ITP: liburi-title-perl -- get the titles of things on the web in a sensible way

2012-12-14 Thread Jotam Jr. Trejo
Package: wnpp
Severity: wishlist
Owner: "Jotam Jr. Trejo"

* Package name    : liburi-title-perl
  Version         : 1.86
  Upstream Author : Tom Insam
* URL             : http://search.cpan.org/dist/URI-Title/
* License         : GPL-1+, Artistic
  Programming Lang: Perl
  Description     : get

Bug#695950: ITP: libconfig-find-perl -- find configuration files in the native OS fashion

2012-12-14 Thread Jotam Jr. Trejo
Package: wnpp
Severity: wishlist
Owner: "Jotam Jr. Trejo"

* Package name    : libconfig-find-perl
  Version         : 0.26
  Upstream Author : Salvador Fandino
* URL             : http://search.cpan.org/dist/Config-Find/
* License         : Artistic
  Programming Lang: Perl, GPL-1+
  Description

Bug#695946: ITP: libbot-basicbot-pluggable-perl -- extended simple IRC bot for pluggable modules

2012-12-14 Thread Jotam Jr. Trejo
Package: wnpp
Severity: wishlist
Owner: "Jotam Jr. Trejo"

* Package name    : libbot-basicbot-pluggable-perl
  Version         : 0.98
  Upstream Author : Mario Domgoergen
* URL             : http://search.cpan.org/dist/Bot-BasicBot-Pluggable/
* License         : GPL-1+, Artistic
  Programming La

Re: unsafe use of gpg

2012-12-14 Thread Timo Juhani Lindfors
Ansgar Burchardt writes:
> I recently looked at several packages using gpg to verify signatures

Thanks for your work! Please try to raise this upstream so that they can provide proper interfaces.

Is

/usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
chmod a+x file
./file

unsafe use of gpg

2012-12-14 Thread Ansgar Burchardt
Hi, I recently looked at several packages using gpg to verify signatures and found ways to circumvent the signature check, see [1] for a few bug reports demonstrating this. [1] So far I have found two diff

Re: Bug#695897: ITP: corekeeper -- Core file centralizer and reaper

2012-12-14 Thread Jon Dowland
These have been forcemerged. -- I pledge not to post to any systemd-related thread on -devel until (at least) 2013.