Date: Tue, 7 Aug 2001 18:23:24 -0500 From: Mike Meyer <mwm@mired.org> To: "Thomas Beer" <tom@analogon.com> Cc: questions@freebsd.org Subject: Re: Fw: FreeBSD Security Advisory FreeBSD-SA-01:52.fragment Message-ID: <15216.30828.442770.319628@guru.mired.org> In-Reply-To: <10263130@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Thomas Beer <tom@analogon.com> types: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > can anyone confirm, that this pgp sign advisory is valid? > > Thanks Tom > > > > > >*** PGP Signature Status: bad > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > >*** Signer: FreeBSD Security Officer <security-officer@freebsd.org> > >*** Signed: 07.08.01 01:07:38 > >*** Verified: 07.08.01 20:15:15 > >*** BEGIN PGP VERIFIED MESSAGE *** [Rest deleted.] Comment 1) If you really want people to confirm a PGP signature, you need to send the message unmodified. That means you can't send it quoted by your mailer, or in mangled in any other way; you have to send it as an attachement. Comment 2) Asking others to verify a signature doesn't say a thing about the validity of the signature. If they say it's fine for them, that means you need to figure out why your software is complaining about the signature and verify it yourself, *not* trust it. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15216.30828.442770.319628>