-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/01/2004 16:03, Brad Koehn wrote:
> These kinds of things make me nervous: automatically downloading code > from another site over insecure protocols and running it locally, > possibly as root. > > If we're going to distribute code, we really need some kind of signing > mechanism like PGP, otherwise the bad guys will just start hacking the > servers, and putting in rules that let their spam through. Yes it would be nice to be able to do this more securely. > Yes, I'm paranoid, but the spammers have been going after sites using > increasingly sophisticated techniques (DDOS being a fairly nasty one). > It would be wise to get a step or two ahead of them. I'm not enough of > a perl jockey to know if code signing is supported by the runtime > (other runtimes do), but we really should start using something to > verify code. An alternative that might be a more secure way of obtaining the file is if it were available by email response; send an email to a request address and it is returned to the requester. - -- Regards Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP) iD8DBQE/9a7C3wKVPLs2unURAgbIAJ4yXV6NCpf/kMkeFODRiCLC7g3hrgCfSNUc qj2f5Fb3trm2XQqhISKv1l0= =VpaG -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
