Hi Thomas,
On Thursday, March 15, 2007 at 12:54:37 -0400, Thomas E. Dickey wrote:
> Making it [gpg path] configurable from a single point is probably a
> better way to go
Good idea: What about the attached additional patch? It makes use of
$my_variables to allow a single point of configurat
On Mon, Mar 26, 2007 at 07:34:51PM -0400, Derek Martin wrote:
> On Mon, Mar 26, 2007 at 06:45:37PM +, Dave wrote:
> > I'd counter that a sysadmin who installs software should do a
> > background check to ensure that the thing isn't riddled with
> > security holes unless the program was specifi
On Mon, Mar 26, 2007 at 06:45:37PM +, Dave wrote:
> I'd counter that a sysadmin who installs software should do a
> background check to ensure that the thing isn't riddled with
> security holes unless the program was specifically requested by the
> system owner.
He should do it whether or no
On Mon, Mar 26, 2007 at 04:54:40PM +0200, Vincent Lefevre wrote:
> On 2007-03-26 08:43:56 -0600, Kyle Wheeler wrote:
> > On Monday, March 26 at 04:27 PM, quoth Vincent Lefevre:
> > >>if you'd like to reverse a stupid decision made by the distributor.
> > >
> > >So, Mutt's configure shouldn't allow
On Mon, Mar 26, 2007 at 08:43:56AM -0600, Kyle Wheeler wrote:
> On Monday, March 26 at 04:27 PM, quoth Vincent Lefevre:
> >>if you'd like to reverse a stupid decision made by the distributor.
> >
> >So, Mutt's configure shouldn't allow stupid decisions.
>
> This reminds me of a quote by Doug Gwyn
On Mon, Mar 26, 2007 at 04:27:06PM +0200, Vincent Lefevre wrote:
> On 2007-03-25 08:31:46 +, Dave wrote:
> > On Sun, Mar 25, 2007 at 04:11:35AM +0200, Vincent Lefevre wrote:
> > > Now, if software writers make bad decisions, that's the fault and
> > > responsibility of the sysadmin himself? Gr
On 2007-03-26 08:43:56 -0600, Kyle Wheeler wrote:
> On Monday, March 26 at 04:27 PM, quoth Vincent Lefevre:
> >>if you'd like to reverse a stupid decision made by the distributor.
> >
> >So, Mutt's configure shouldn't allow stupid decisions.
>
> This reminds me of a quote by Doug Gwyn:
>
> UN
On Monday, March 26 at 04:27 PM, quoth Vincent Lefevre:
if you'd like to reverse a stupid decision made by the distributor.
So, Mutt's configure shouldn't allow stupid decisions.
This reminds me of a quote by Doug Gwyn:
UNIX was not designed to stop you from doing stupid things,
bec
On 2007-03-25 08:31:46 +, Dave wrote:
> On Sun, Mar 25, 2007 at 04:11:35AM +0200, Vincent Lefevre wrote:
> > Now, if software writers make bad decisions, that's the fault and
> > responsibility of the sysadmin himself? Great!
>
> Making a compile-time option isn't a bad decision if the default
On Sun, Mar 25, 2007 at 04:11:35AM +0200, Vincent Lefevre wrote:
> On 2007-03-22 16:34:44 +, Dave wrote:
> > On Thu, Mar 22, 2007 at 03:09:26PM +0100, Vincent Lefevre wrote:
> > > On 2007-03-21 15:35:18 +, Dave wrote:
> > > > On Wed, Mar 21, 2007 at 01:49:45PM +0100, Vincent Lefevre wrote:
On Sat, Mar 24, 2007 at 12:12:41AM +, Paul Walker wrote:
> On Fri, Mar 23, 2007 at 09:06:04PM +, Dave wrote:
> > If it only takes a millisecond to figure out why I'm wrong, why don't you
> > spend the millisecond and post the results? I spent a few milliseconds on
>
> If you could only g
On 2007-03-22 16:34:44 +, Dave wrote:
> On Thu, Mar 22, 2007 at 03:09:26PM +0100, Vincent Lefevre wrote:
> > On 2007-03-21 15:35:18 +, Dave wrote:
> > > On Wed, Mar 21, 2007 at 01:49:45PM +0100, Vincent Lefevre wrote:
>
> > > > But a *compile-time* option would be a bad idea, as the one wh
On 2007-03-24 00:12:41 +, Paul Walker wrote:
> To be honest, I'm not even really sure why this thread is still
> going on. It's a long thread about a patch that was committed
> almost 10 days ago, and wasn't really *that* important in the
> first place.
I'd guess some people liked the enterta
On Fri, Mar 23, 2007 at 09:06:04PM +, Dave wrote:
> If it only takes a millisecond to figure out why I'm wrong, why don't you
> spend the millisecond and post the results? I spent a few milliseconds on
If you could only get work done under Unix-type systems, then anyone using
Windows couldn'
On Fri, Mar 23, 2007 at 04:36:16PM +, Paul Walker wrote:
> On Fri, Mar 23, 2007 at 02:52:24AM +, Dave wrote:
> > That's why they want clear, simple programs, that do clear, simple
> > actions, without a long config file that by default makes decisions for
> > them in a half-assed way. Gee
On Fri, Mar 23, 2007 at 03:53:08PM +, Ian Collier wrote:
> On Fri, Mar 23, 2007 at 02:52:24AM +, Dave wrote:
> > Check this out:
> > $ cat --version
> > cat (coreutils) 5.2.1
> > Written by Torbjorn Granlund and Richard M. Stallman.
> >
> > Copyright (C) 2004 Free Software Foundation, Inc
On Fri, Mar 23, 2007 at 02:52:24AM +, Dave wrote:
> That's why they want clear, simple programs, that do clear, simple
> actions, without a long config file that by default makes decisions for
> them in a half-assed way. Gee, that's the UNIX philosophy, isn't it?
If that's the case, those pe
On Fri, Mar 23, 2007 at 02:52:24AM +, Dave wrote:
> Check this out:
> $ cat --version
> cat (coreutils) 5.2.1
> Written by Torbjorn Granlund and Richard M. Stallman.
>
> Copyright (C) 2004 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is
On Fri, Mar 23, 2007 at 08:41:55AM -0400, Patrick Shanahan wrote:
> * Dave <[EMAIL PROTECTED]> [03-23-07 02:40]:
> [...] much verbosity removed
> > Anyway, I'm off to the DC. Peace.
>
> You should fit right in, maybe not even be noticed. Lots of smoke!
I actually fit in there quite well (but
On Thu, Mar 22, 2007 at 06:25:27PM -0700, William Yardley wrote:
> On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> > On Thu, Mar 22, 2007 at 04:34:44PM +, Dave wrote:
> This thread is making my head hurt.
Sorry about that ... may I suggest a cup of orange juice?
> I use mutt
* Dave <[EMAIL PROTECTED]> [03-23-07 02:40]:
[...] much verbosity removed
> Anyway, I'm off to the DC. Peace.
You should fit right in, maybe not even be noticed. Lots of smoke!
--
Patrick Shanahan  Registered Linux User #207535
http://wahoo.no-ip.org
On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> On Thu, Mar 22, 2007 at 04:34:44PM +, Dave wrote:
> > I've already explained several times that the user doesn't own the
> > system. The physical user is governed by the owner of the system.
>
> This view also completely overloo
On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> In many places, computers are shared resources, and often groups are
> collaborating. It may be that as a matter of policy, the programs
> being developed by the group must go into a directory writable by the
> group. A malicious use
On Fri, Mar 23, 2007 at 12:13:06AM -0400, Derek Martin wrote:
> On Fri, Mar 23, 2007 at 02:52:24AM +, Dave wrote:
> > > ...and users never do things they're not supposed to, and always
> > > follow all the rules, and all of the world's jails are completely
> > > empty, because everyone does wh
On Fri, Mar 23, 2007 at 02:52:24AM +, Dave wrote:
> > ...and users never do things they're not supposed to, and always
> > follow all the rules, and all of the world's jails are completely
> > empty, because everyone does what they're supposed to do all the time.
>
> You're getting off-topic.
On Thu, Mar 22, 2007 at 06:21:18PM -0400, Derek Martin wrote:
> On Thu, Mar 22, 2007 at 04:34:44PM +, Dave wrote:
> > > And what if users have different wishes?
> >
> > I've already explained several times that the user doesn't own the
> > system. The physical user is governed by the owner o
Hi Will,
On Thu, Mar 22, 2007 at 06:25:27PM -0700, William Yardley wrote:
> I think it's reasonable to at the very least make the mode of saved
> attachments configurable (whether this comes from a config setting or
> the user's umask doesn't matter, though I can see the argument for the
> former)
On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> On Thu, Mar 22, 2007 at 04:34:44PM +, Dave wrote:
> > I've already explained several times that the user doesn't own the
> > system. The physical user is governed by the owner of the system.
> The situation is less clear for e-
On Thu, Mar 22, 2007 at 04:34:44PM +, Dave wrote:
> I've already explained several times that the user doesn't own the
> system. The physical user is governed by the owner of the system.
This view also completely overlooks the plain fact that Unix is
inherently a multi-user system, designed f
On Thu, Mar 22, 2007 at 04:34:44PM +, Dave wrote:
> > And what if users have different wishes?
>
> I've already explained several times that the user doesn't own the
> system. The physical user is governed by the owner of the system.
> Therefore, the user's wishes must be compatible with the
On Thu, Mar 22, 2007 at 03:09:26PM +0100, Vincent Lefevre wrote:
> On 2007-03-21 15:35:18 +, Dave wrote:
> > On Wed, Mar 21, 2007 at 01:49:45PM +0100, Vincent Lefevre wrote:
> > > But a *compile-time* option would be a bad idea, as the one who
> > > installs the software is not always the one
On 2007-03-21 15:35:18 +, Dave wrote:
> On Wed, Mar 21, 2007 at 01:49:45PM +0100, Vincent Lefevre wrote:
> > But a *compile-time* option would be a bad idea, as the one who
> > installs the software is not always the one who uses it.
>
> The one who installs the software should be the system
>
On Wed, Mar 21, 2007 at 11:07:46PM +, Dave wrote:
> On Wed, Mar 21, 2007 at 08:18:52PM +0100, Oswald Buddenhagen wrote:
> > the sillier the thing, the stronger the guide should be. simple
> > principle.
>
> You're working on a sliding scale here. Sliding scales are never
> simple without a ma
On Wed, Mar 21, 2007 at 11:06:32PM +0100, Oswald Buddenhagen wrote:
> at this point, it would be quite a stretch to claim that this still has
> something to do with mutt, so preferably skip over it if you are not
> interested in discussing world security policy.
Or you could take it off-list...?
On Wed, Mar 21, 2007 at 08:18:52PM +0100, Oswald Buddenhagen wrote:
> On Wed, Mar 21, 2007 at 05:32:55PM +, Dave wrote:
> > On Wed, Mar 21, 2007 at 03:51:02PM +0100, Oswald Buddenhagen wrote:
> > > this is silly. everybody makes mistakes.
> >
> > That doesn't matter. The user is in charge of
at this point, it would be quite a stretch to claim that this still has
something to do with mutt, so preferably skip over it if you are not
interested in discussing world security policy.
On Wed, Mar 21, 2007 at 05:32:55PM +, Dave wrote:
> On Wed, Mar 21, 2007 at 03:51:02PM +0100, Oswald Budd
On Wed, Mar 21, 2007 at 05:32:55PM +, Dave wrote:
> On Wed, Mar 21, 2007 at 03:51:02PM +0100, Oswald Buddenhagen wrote:
> > this is silly. everybody makes mistakes.
>
> That doesn't matter. The user is in charge of deciding how many (if
> any) limits he wants to place on his own decisionmaking
On Wed, Mar 21, 2007 at 04:59:20PM +0100, Oswald Buddenhagen wrote:
> On Wed, Mar 21, 2007 at 03:35:18PM +, Dave wrote:
> > How about runtime options having two shadow compile-time options,
> > default-blah and force-blah? Normally, a sysadmin would only set
> > default-blah options (or none
FWIW, while I agree with Paul's request, I also agree with Oswald's "state of
the discussion" update. I think Derek might have been a bit out of line
attacking me personally earlier (and I might have been out of line possibly
attacking Derek personally earlier still), but this wouldn't be the firs
I'm an idiot.
On Wed, Mar 21, 2007 at 03:35:18PM +, Dave wrote:
> Remember,
> Derek's solution to the security problem is to install as many booby traps as
> possible between an invader and a vulnerability, and it's trivial to show that
> his solution, while extremely expensive on the programm
I Second.
- Dave
On Wed, Mar 21, 2007 at 02:57:25PM +, Paul Walker wrote:
> This thread seems to be getting a bit personal in places. Can people please
> keep the discussion related to mutt (or at least security)...?
>
> --
> Paul
On Wed, Mar 21, 2007 at 03:51:02PM +0100, Oswald Buddenhagen wrote:
> On Wed, Mar 21, 2007 at 12:27:10AM +, Dave wrote:
> > On Tue, Mar 20, 2007 at 12:14:17PM +0100, Oswald Buddenhagen wrote:
> > > otoh, most users *are* idiots (yes, even the unix users -
> >
> > Idiots have the right (a) to
On Wed, Mar 21, 2007 at 03:35:18PM +, Dave wrote:
> How about runtime options having two shadow compile-time options,
> default-blah and force-blah? Normally, a sysadmin would only set
> default-blah options (or none at all, ideally), but when a sysadmin
> decides to pursue the booby trap appr
On Wed, Mar 21, 2007 at 02:57:25PM +, Paul Walker wrote:
> This thread seems to be getting a bit personal in places. Can people
> please keep the discussion related to mutt (or at least security)...?
>
well, i expected somebody to say something like that. actually, the one
calling me anti-amer
On Wed, Mar 21, 2007 at 01:49:45PM +0100, Vincent Lefevre wrote:
> On 2007-03-21 00:27:10 +, Dave wrote:
> > On Tue, Mar 20, 2007 at 12:14:17PM +0100, Oswald Buddenhagen wrote:
> > > On Tue, Mar 20, 2007 at 07:28:36AM +, Dave wrote:
> > > > On Mon, Mar 19, 2007 at 11:51:37PM -0400, Derek Ma
This thread seems to be getting a bit personal in places. Can people please
keep the discussion related to mutt (or at least security)...?
--
Paul
On Wed, Mar 21, 2007 at 12:27:10AM +, Dave wrote:
> On Tue, Mar 20, 2007 at 12:14:17PM +0100, Oswald Buddenhagen wrote:
> > otoh, most users *are* idiots (yes, even the unix users -
>
> Idiots have the right (a) to exist, and (b) not to have decisions that
> are rightfully theirs stolen by a z
On 2007-03-21 00:27:10 +, Dave wrote:
> On Tue, Mar 20, 2007 at 12:14:17PM +0100, Oswald Buddenhagen wrote:
> > On Tue, Mar 20, 2007 at 07:28:36AM +, Dave wrote:
> > > On Mon, Mar 19, 2007 at 11:51:37PM -0400, Derek Martin wrote:
> > > > I'd also really like to see a configure option for mu
On Tue, Mar 20, 2007 at 01:11:56PM +0100, Vincent Lefevre wrote:
> On 2007-03-19 23:51:37 -0400, Derek Martin wrote:
> > If you have no clue, your trust is worthless. When we design the
> > security of our applications, we have to assume that the user is
> > completely clueless, because mostly th
On Tue, Mar 20, 2007 at 09:09:50PM -0400, Derek Martin wrote:
> On Wed, Mar 21, 2007 at 02:02:37AM +0100, Thomas Roessler wrote:
> > Rathole?
>
> Yeah... as in avoiding one is why I decline to discuss it further.
> His argumentation is retarded,
Again, I take issue with your libel.
> lacks any
On Tue, Mar 20, 2007 at 09:00:00PM -0400, Derek Martin wrote:
> On Tue, Mar 20, 2007 at 07:28:36AM +, Dave wrote:
> > Look, if the user doesn't care, that's his own choice. We're
> > programmers, not policemen. If you want to force the user to follow
> > your rules because you think you have
On Wed, Mar 21, 2007 at 02:02:37AM +0100, Thomas Roessler wrote:
> Rathole?
Yeah... as in avoiding one is why I decline to discuss it further.
His argumentation is retarded, lacks any grounding in security theory,
remains entrenched in mindless dogma which is largely irrelevant, and
you know it.
Rathole?
--
Thomas Roessler <[EMAIL PROTECTED]>
On 2007-03-20 21:00:00 -0400, Derek Martin wrote:
> From: Derek Martin <[EMAIL PROTECTED]>
> To: Mutt Developers
> Date: Tue, 20 Mar 2007 21:00:00 -0400
> Subject: Re: [PATCH] Remove absolute paths from gpg.rc
>
On Tue, Mar 20, 2007 at 07:28:36AM +, Dave wrote:
> Look, if the user doesn't care, that's his own choice. We're
> programmers, not policemen. If you want to force the user to follow
> your rules because you think you have the right to not trust a user
> with his own system, get Palladium, or
On Tue, Mar 20, 2007 at 12:14:17PM +0100, Oswald Buddenhagen wrote:
> On Tue, Mar 20, 2007 at 07:28:36AM +, Dave wrote:
> > On Mon, Mar 19, 2007 at 11:51:37PM -0400, Derek Martin wrote:
> > > I'd also really like to see a configure option for mutt to refuse to
> > > run binaries in directories wh
Derek Martin wrote on 20 Mar 2007 04:51:37 +0100:
> Just for the sake of not being called a cop-out, I will provide one
> published by a renowned and verifiable Unix security expert:
>
> http://sunsite.uakom.sk/sunworldonline/swol-08-1998/swol-08-security.html
>
> Ooh, what's that you say, Pete
On Sat, Mar 17, 2007 at 09:54:25AM -0400, Derek Martin wrote:
> On Sat, Mar 17, 2007 at 11:08:12AM +, Ian Collier wrote:
> > In that case, you get them to download an authorized_keys file for ssh...
> Well sure, there's only so much Mutt can do on its own -- and
> remember, we're talking about
On 2007-03-19 23:51:37 -0400, Derek Martin wrote:
> If you have no clue, your trust is worthless. When we design the
> security of our applications, we have to assume that the user is
> completely clueless, because mostly they are. If you can specify the
> full path to your GPG installation, I re
On Tue, Mar 20, 2007 at 07:28:36AM +, Dave wrote:
> On Mon, Mar 19, 2007 at 11:51:37PM -0400, Derek Martin wrote:
> > I'd also really like to see a configure option for mutt to refuse to
> > run binaries in directories where the user has write access,
>
> I think that's a useful option.
>
it sor
Warning: This post is quite long.
On Mon, Mar 19, 2007 at 11:51:37PM -0400, Derek Martin wrote:
> On Sun, Mar 18, 2007 at 08:44:44AM +, Dave wrote:
> Sigh. If you've lost patience with this thread, and you don't want to
> read my long post, but you do still care about Mutt's security, please
Sigh. If you've lost patience with this thread, and you don't want to
read my long post, but you do still care about Mutt's security, please
at least scroll down to where I talk about Peter Galvin, and follow
the link.
On Sun, Mar 18, 2007 at 08:44:44AM +, Dave wrote:
> If you don't trust yo
* On Thu, Mar 15, 2007 Christoph Berg ([EMAIL PROTECTED]) muttered:
> # HG changeset patch
> # User Christoph Berg <[EMAIL PROTECTED]>
> # Date 1173976786 -3600
> # Node ID 50bc0121e4a8b1c638fa56451d477a7cf3b1cbce
> # Parent 5c2f2072a4dbfa69f2db7a93ae52b984f65e165c
> Remove absolute paths.
The se
On Fri, Mar 16, 2007 at 10:47:37AM -0700, Brendan Cully wrote:
> On Thursday, 15 March 2007 at 17:40, Christoph Berg wrote:
> > # HG changeset patch
> > # User Christoph Berg <[EMAIL PROTECTED]>
> > # Date 1173976786 -3600
> > # Node ID 50bc0121e4a8b1c638fa56451d477a7cf3b1cbce
> > # Parent 5c2f20
On Sat, Mar 17, 2007 at 11:08:12AM +, Ian Collier wrote:
> > Say there's a (purely hypothetical) bug in Mutt which allows an
> > attacker to cause mutt to download an arbitrary file (perhaps actually
> > in an application frequently used to aid mutt in viewing mail and/or
> > attachments, e.g.
On Sat, Mar 17, 2007 at 12:11:29PM +0100, Bárður Árantsson wrote:
> > If the attacker is merely able to upload an arbitrary file, this is by
> > far the best route to go. He'll have to make guesses about the best
> > place to put his trojans, but as I just pointed out, that isn't
> > necessarily h
Derek Martin wrote:
> On Fri, Mar 16, 2007 at 12:40:27AM +, Paul Walker wrote:
>>> setting, and I also don't think that any person interested in security
>>> should run with garbage in $PATH. I would also guess that it's just as
>> That's fine, and I would agree, but the person you're dealing w
On Fri, Mar 16, 2007 at 10:22:05PM -0400, Derek Martin wrote:
> On Fri, Mar 16, 2007 at 12:40:27AM +, Paul Walker wrote:
> > If you can modify someone's personal files, the game's already over.
> Not so. At least not necessarily.
So!
> Say there's a (purely hypothetical) bug in Mutt which al
On Fri, Mar 16, 2007 at 12:40:27AM +, Paul Walker wrote:
> > setting, and I also don't think that any person interested in security
> > should run with garbage in $PATH. I would also guess that it's just as
>
> That's fine, and I would agree, but the person you're dealing with should be
> assu
On Fri, Mar 16, 2007 at 12:54:56PM -0500, David Champion wrote:
> * On 2007.03.16, in <[EMAIL PROTECTED]>,
> * "Brendan Cully" <[EMAIL PROTECTED]> wrote:
> > + AC_PATH_PROG([GPG], [gpg], [/usr/bin/gpg],
> > [/usr/local/bin:/usr/bin:/sw/bin:/opt/local/bin])
>
> I like this. Other paths to c
* On 2007.03.16, in <[EMAIL PROTECTED]>,
* "Brendan Cully" <[EMAIL PROTECTED]> wrote:
> + AC_PATH_PROG([GPG], [gpg], [/usr/bin/gpg],
> [/usr/local/bin:/usr/bin:/sw/bin:/opt/local/bin])
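Review bot: the third argument to AC_PATH_PROG makes configure fall back to /usr/bin/gpg when no gpg is found in any of the four listed directories, so the build succeeds silently with a path that may not exist; consider emitting a warning in that case so the installer knows the recorded path is a guess. Because a fourth argument is given, the builder's own $PATH is not searched at all, and /usr/local/bin is tried before /usr/bin, so where both contain a gpg the locally installed one is the one recorded; if that precedence is intended, a short comment next to the macro saying so would help.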
I like this. Other paths to consider:
/usr/sfw/bin Sun Freeware
/opt/sfw/bin Sun Freeware
On Thursday, 15 March 2007 at 17:40, Christoph Berg wrote:
> # HG changeset patch
> # User Christoph Berg <[EMAIL PROTECTED]>
> # Date 1173976786 -3600
> # Node ID 50bc0121e4a8b1c638fa56451d477a7cf3b1cbce
> # Parent 5c2f2072a4dbfa69f2db7a93ae52b984f65e165c
> Remove absolute paths.
How about this
On Thu, 15 Mar 2007, Christoph Berg wrote:
Re: Thomas Dickey 2007-03-15 <[EMAIL PROTECTED]>
The reason for the absolute paths is very likely to ensure that it
does not pick up some random program named "gpg". (Making it configurable
from a single point is probably a better way to go).
The pr
On Fri, 16 Mar 2007, Christoph Berg wrote:
Re: Brendan Cully 2007-03-16 <[EMAIL PROTECTED]>
I'd like to hear some more concrete examples of the dangers of looking
up gpg in the path...
Ack. Just because gpg is a 'security' application doesn't make running
"ls" instead of "/bin/ls" less danger
On Thu, 15 Mar 2007, Patrick Shanahan wrote:
* David Champion <[EMAIL PROTECTED]> [03-15-07 21:28]:
[...]
I can think of two compromises:
* as Thomas Dickey suggested, detect gpg at compile time and insert
the correct path into the installed muttrc files;
this might be a problem for those u
* David Champion <[EMAIL PROTECTED]> [03-15-07 21:28]:
[...]
> I can think of two compromises:
> * as Thomas Dickey suggested, detect gpg at compile time and insert
> the correct path into the installed muttrc files;
this might be a problem for those using an rpm or dep install and/or
those who
* On 2007.03.15, in <[EMAIL PROTECTED]>,
* "Paul Walker" <[EMAIL PROTECTED]> wrote:
>
> Personally, I would still argue that /usr/bin is far and away the most
> common. Most people are running with gnupg supplied by their distro, and
I don't know if I agree with that. There are still a lo
On Thu, Mar 15, 2007 at 05:15:26PM -0700, Brendan Cully wrote:
> On my OS X system, gpg lives in /sw/bin. Many others probably have it in
> /opt or /usr/local. I don't think /usr/bin is a particularly foolproof
Personally, I would still argue that /usr/bin is far and away the most
common. Most pe
Re: Brendan Cully 2007-03-16 <[EMAIL PROTECTED]>
> I'd like to hear some more concrete examples of the dangers of looking
> up gpg in the path...
Ack. Just because gpg is a 'security' application doesn't make running
"ls" instead of "/bin/ls" less dangerous. Adding /usr/bin merely adds
clutter.
C
On Friday, 16 March 2007 at 00:07, Paul Walker wrote:
> On Thu, Mar 15, 2007 at 05:40:52PM +0100, Christoph Berg wrote:
>
> > # Parent 5c2f2072a4dbfa69f2db7a93ae52b984f65e165c
> > Remove absolute paths.
>
> For what it's worth, I don't think this is a good change. The absolute path
> will be cor
On Thu, Mar 15, 2007 at 05:40:52PM +0100, Christoph Berg wrote:
> # Parent 5c2f2072a4dbfa69f2db7a93ae52b984f65e165c
> Remove absolute paths.
For what it's worth, I don't think this is a good change. The absolute path
will be correct for most systems, and does guard against rogue gpg's in the
pat
On Thu, 15 Mar 2007, Marco d'Itri wrote:
On Mar 15, Thomas Dickey <[EMAIL PROTECTED]> wrote:
The reason for the absolute paths is very likely to ensure that it
does not pick up some random program named "gpg". (Making it configurable
from a single point is probably a better way to go).
How m
Re: Thomas Dickey 2007-03-15 <[EMAIL PROTECTED]>
> The reason for the absolute paths is very likely to ensure that it
> does not pick up some random program named "gpg". (Making it configurable
> from a single point is probably a better way to go).
The proper way to deal with that is not to have
On Mar 15, Thomas Dickey <[EMAIL PROTECTED]> wrote:
> The reason for the absolute paths is very likely to ensure that it
> does not pick up some random program named "gpg". (Making it configurable
> from a single point is probably a better way to go).
How many random programs named "gpg" are ther
On Thu, 15 Mar 2007, Christoph Berg wrote:
# HG changeset patch
# User Christoph Berg <[EMAIL PROTECTED]>
# Date 1173976786 -3600
# Node ID 50bc0121e4a8b1c638fa56451d477a7cf3b1cbce
# Parent 5c2f2072a4dbfa69f2db7a93ae52b984f65e165c
Remove absolute paths.
The reason for the absolute paths is ve